Silicon  cockroaches,  ‘dirty’  IPv4  addresses  and  other  Internet  oddities,  page  m 


THE  CONNECTED  ENTERPRISE 


APRIL  5  ,  2010 


CLEAR  CHOICE  TE^^ 

ENTERPRISE  CLOUD  COMPUTING 

Cloud  vendors  ace 
groundbreaking  test 

Terremark,  Rackspace,  BlueLock 
deliver  fast,  secure  cloud 
services.  Page  24 


|  Microsoft  vs.  Do J: 

I  Who  learned  what? 


Taking  stock  10  years  after  ruling 


BY  DENISE  DUBIE 

TEN  YEARS  after  losing  a  bitterly  contested  antitrust  bat¬ 
tle  to  the  U.S.  Department  of  Justice,  debate  continues  as  to 
whether  Microsoft  was  tamed  by  the  legal  rebuke  or  the  com¬ 
pany  treated  it  like  a  speed  bump. 

In  April  2000,  U.S.  District 
Court  Judge  Thomas  Penfield  Jack- 
son  ruled  that  Microsoft  violated 
federal  and  state  antitrust  laws  and 
ordered  the  company  to  decouple 
its  operating  system  and  browser 
technology,  pay  hefty  fines  and  undergo  years  of  scrutiny 
to  prevent  future  market  monopolizing.  The  ramifications 
of  the  years-long  trial  continue  in  the  European  Union  for 
Microsoft  today. 

Microsoft  remains  a  powerhouse  —  reporting  in  Janu¬ 
ary  record  revenues  of  nearly  $20  billion  for  its  second  fis¬ 
cal  quarter—  but  the  2000  ruling  has  meant  more  choices 
in  the  browser  arena  and  enabled  an  industry  to  innovate 

►  See  Microsoft,  page  1 7 
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Endpoint  security 
casts  ever  wider  net 


BYTIM  GREENE 


PROTECTING  NETWORK  endpoints  is  becoming  more 
difficult  as  the  type  of  endpoint  devices  —  desktops,  laptops, 
smartphones  —  grows,  making  security  a  complex  moving 
target. 

The  problem  is  compounded  by  the  fact  that  different 
groups  rely  on  the  devices  for  different  needs  and  levels  of 
protection  for  myriad  enterprise  resources. 

Deciding  the  appropriate  device  defense  becomes  the  No.l 
job  of  endpoint  security  specialists,  says  Jennifer  Jabbuseh, 
CISO  of  Carolina  Advanced  Digital  consultancy.  Depending 
on  the  device  and  the  user’s  role,  endpoints  need  to  be  locked 
down  to  a  greater  or  lesser  degree. 


►  See  Endpoint, page  16 


Building  the  engines  of  a  Smarter  Planet: 

It’s  not  just  what  you  have. 

It’s  how  you  use  it. 

On  a  smarter  planet,  midsize  businesses  are  facing  an  explosion  of  data  within  their  organizations.  As  the  engines  of  a  smarter 
planet,  they  don’t  see  this  data  as  a  burden,  but  as  a  tremendous  opportunity.  However,  they  need  the  right  tools  to  turn  that  data 
into  intelligence,  derive  meaningful  insight  and  use  it  to  take  action.  Introducing  IBM®Cognos®  Express™— the  first  and  only  integrated 
business  intelligence  and  planning  solution  built  and  priced  to  meet  the  needs  of  midsize  companies.  It  delivers  essential  reporting, 
analysis,  planning,  budgeting  and  forecasting  capabilities  to  gain  the  insight  needed  to  take  action,  drive  efficiency  and  identify  new 
opportunities  on  a  smarter  planet.  Because  it’s  not  just  what  you  have.  It's  how  you  use  it: 


ITurn  data  into  intelligence.  Your  entire  organization 
will  benefit  from  dashboards  and  reports  that  provide 
business  context  to  complex  data.  They  help  build  an 
information-driven  culture  that  connects  disparate  data 
and  turns  it  into  new  intelligence. 


Uncover  insights.  Go  from  information  to  insight. 
Spot  business  problems,  recognize  emerging  trends 
immediately  and  analyze  complex  data. 


3  Take  action.  Use  your  insight  to  have  a  real-time  view 
of  future  business  results.  Realigning  your  resources 
with  planning  can  help  you  react  faster  to  changes  in 
the  market,  reduce  labor  costs,  increase  sales  and  boost 
production. 


Plug  the  Cognos  Express  solution  into  your 
infrastructure  within  an  hour. 

Starting  at 


per  user  per  month.1 


A  free  30-day  trial  is  now  available. 


Midsize  businesses  are  the  engines  of  a  Smarter  Planet. 

The  IBM  Express  Advantage™  Concierge  can  connect  you  to  the  right  IBM 
Business  Partner.  Call  877-IBM-ACCESS  or  visit  ibm.com/engines/cognos2 


\  I  / 


$25/user/month  based  on  a  minimum  of  US$22,500  lor  25  users  financed  over  36  months.  Actual  rates  may  vary  based  on  your  creditworthiness,  configuration  details,  etc.,  and  are  subject  to  credit  approval  by  IBM  Credit  LLC.  For  some  clients, 
tolal  software  and  services  are  limited  to  75%  of  hardware  financed.  Other  conditions  may  apply,  so  please  contact  your  IBM  Authorized  Business  Partner  or  IBM  representative  for  more  information.  Actual  costs  will  vary  depending  on  individual 
customer  configurations  and  environment.  IBM,  the  IBM  logo,  ibm.com,  Cognos,  Cognos  Express.  Express  Advantage,  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International  Business  Machines  Corp..  registered  in  many  jurisdictions 
worldwide.  Other  product  and  service  names  might  be  trademarks  ot  IBM  or  other  companies.  A  current  list  ot  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/legal/copytrade.shtml.  ©  International  Business  Machines  Corporation  2010. 
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FROM  THE  EDITOR  JOHN  DIX 

Crafting  a  UC  strategy 

If  you  have  been  putting  off  crafting  your  unified  com¬ 
munications  strategy,  we  don’t  blame  you.  The  more  you 
know,  the  more  you  realize  how  much  you  don’t  know. 

There  are  many  ways  to  approach  the  opportunity,  lots  of  competing 
technologies,  loads  of  legacy  investments  to  accommodate,  political  issues 
to  address,  and  questions  about  everything  from  how  to  identify  key  busi¬ 
ness  processes  to  how  to  measure  success. 

If  that  sums  up  your  feeling  about  UC,  take 
solace  in  the  fact  that  you’re  not  alone.  Even 
some  of  the  largest  companies  haven’t  figured  it  out.  One 
Fortune  100  company  recently  appointed  a  UC  czar  to 
piece  it  together.  His  job:  crafting  a  vision,  a  road  map 
and  an  architecture,  no  mean  feat  in  a  company  with 
hundreds  of  thousands  of  employees. 

While  you  hear  some  talk  about  UC  leading  to  cost 
savings  —  minimizing  a  bit  of  travel  or  enabling  you  to 
consolidate  some  servers  or  voice  mail  systems  —  UC  is  really  about  improving 
productivity  by  stitching  together  various  systems  employees  rely  on. 

But  what  center  do  you  build  from?  Should  UC  be  anchored  by  your  VoIP/voice 
mail  system?  E-mail/IM?  Your  mobile/smartphone  platform?  Your  audio/video/ 
Web  conferencing  systems?  Maybe  your  desktop  apps?  Or  do  you  even  have  to 
pick  a  core? 

Don’t  fall  into  the  trap  of  making  that  decision  too  early,  experts  say.  While  you 
need  to  be  cognizant  of  the  various  capabilities/limitations  of  the  platforms,  don’t 
pick  one  before  you  know  where  you  want  to  go. 

To  figure  that  out,  let  the  users  be  the  guide.  Do  some  internal  survey  work  and 
let  them  tell  you  what  would  simplify/improve  their  jobs.  After  all,  UC  is  all  about 
helping  these  folks  make  better  decisions  faster,  or  improving  their  ability  to  serve 
customers,  or  facilitating  the  manner  in  which  they  collaborate  on  different  tasks. 

With  that  in  hand,  you  can  identify  a  few  test  cases  and  then  match  these  targets 
to  the  capabilities  of  your  existing  systems  and  identify  where  you  need  to  fill  in  the 
gaps.  The  tricky  part,  however,  is  assessing  whether  the  resulting  plan  is  resilient 
enough  to  support  other  foreseeable  needs.  You  don’t  want  to  paint  yourself  into  a 
comer.  And  it  is  perhaps  this  last  worry  that  stymies  more  UC  efforts  than  anything. 

Paralysis  isn’t  much  of  a  strategy,  though,  so  it  is  important  to  reach  a  conclusion 
and  plow  ahead.  A  controlled  introduction  will  minimize  the  risks  and,  hopefully, 
lead  to  enough  success  to  build  onward  and  upward. 

Join  Network  World’s  Linkedln  Group.  We  have 1,000-plus  IT  members  who  use  the  forum 
to  interact  and  keep  up  on  core  tech  developments.  Post  a  question,  post  a  job  listing,  make  a 
connection  to  your  peers.  Put  the  “network"  in  networking.  Join  today  at  tinyurl.com/yd9vc32 
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Don't  downplay  security 
with  hosted  mail 

©  I  WOULD  HAVE  thought  that  your 
reader  base  was  more  security-oriented 
or  interested  than  this  article  suggests. 
(Re:  Tech  Debate:  Google  Gmail  vs. 
hosted  Microsoft  Exchange;  tinyurl.com/ 
yfsmc81.)  Neither  [Jonathan]  McCormick 
nor  [Daniel]  Riley  mention  the  required 
trust  factor  involved  in  an  organization 
hosting  mail  with  any  vendor,  though 
it  did  finally  get  a  hint  of  recognition  on 
page  20  under  “Regulated  Industry”. 

If  we  were  to  somehow  set  this  mat¬ 
ter  aside,  there  also  was  no  mention  of 
support  for  digital  signatures  (which 
Exchange  natively  supports  in  Outlook 
Web  Access  and  Gmail  does  not). 

ScottPaddock 

Ethics  and  morality 
are  not  the  same 

©WHILE  I  DEFINITELY  understand  and 
applaud  those  who  stop  to  really  give 
their  ethical  position  serious  thought, 
there  are  some  deeper  thoughts  that  go 
along  with  ethical  positions  that  are  easy 
to  miss.  (Re:  Seven  ethical  questions; 
tinyurl.com/y8vb5fx.)  Additionally  there 
seems  to  be  a  bit  of  confusion,  as  you  talk 
about  pondering 
business  ethics  and 
then  use  personal 
ethics  in  your  ques¬ 
tions.  For  instance,  for 
question  one,  instead 
of  asking  whether 
or  not  I  would  per¬ 
sonally  review  the 
misdirected  e-mail, 
it  would  be  a  better 
business  ethics  ques¬ 
tion  to  ask  what  the 
ethical  response  by  a 
business  would  be  in 
this  situation.  Would 
it  be  ethical  for  a  business  to  fire  A)  the 
sender,  B)  the  recipient,  C)  both  A  and  B, 
or  D)  None  of  the  above,  and  why? 

But  given  the  posed  questions  you’re 
going  to  get  a  lot  of  personal  ethics 
responses.  Which  isn’t  always  a  bad  thing, 
however  it  may  lead  to  a  lot  of  very  saintly 
responses  that  wouldn’t  have  a  lot  of  basis 
in  how  the  world  works  or  what  someone 
would  actually  do.  Sure,  we  all  think  it’s 
great  to  give  money  to  charity,  save  the 
whales,  drive  a  Prius,  and  stop  crime.  Or 


at  least  we  say  we  do  because  we  know 
that  it’s  the  morally  correct  answer  that 
other  people  expect,  but  morality  and 
ethics  are  not  the  same  concept. 

An  ethical  action  is  one  that  is  taken  as 
a  result  of  weighing  the  total  sum  of  the 
moral  imperatives  against  the  situation 
to  determine  its  ethical  value.  As  a  result 
it’s  possible  to  be  completely  immoral 
and  ethical,  as  well  as  to  be  completely 
moral  and  unethical.  If  you  kill  a  person 
and  prevent  the  imminent  murder  of  a 
child,  that  action  would  be  ethical,  even 
if  you  were  only  there  to  kill  him/her  for 
an  immoral  reason,  the  result  is  ethical 
outside  of  your  own  morality. 

udtknwme 

'Real'  war  doesn't  happen 
over  the  Internet 

©  IT’S  HARD  TO  imagine  how  the  term 
“war”  could  be  applied  to  “cyber”  activity, 
the  wild  speculation  of  U.S.  Department 
heads  and  online  commenters  notwith¬ 
standing.  (Re:  It  does  not  take  a  village  — 
or  a  country;  tinyurl.com/yguw93g). 

There  is  such  a  thing  as  cyber  warfare, 
it  is  the  modern  evolution  of  signals  intel¬ 
ligence.  If  country  A  blocks  country  B’s 
intelligence  drones  from  transmitting; 

if  country  B  “kills” 
country  A’s  battlefield 
communications 
capability  during  a 
military  skirmish  — 
that  is  “cyber  warfare”. 
Criminal  hacking, 

Web  site  defacement, 
denial-of-service 
attacks  —especially 
those  directed  against 
non-military  and 
non-infrastructure 
targets  —  are  not  “war” 
of  any  kind.  Let’s  be 
very  clear;  war  results 
in  people  being  killed,  in  property  being 
destroyed,  in  infrastructure  and  logisti¬ 
cal  capabilities  being  crippled.  And  by 
“infrastructure”  I  mean  real  infrastructure 
—  factories,  hospitals,  water  treatment 
plants,  power-generation  facilities,  roads 
and  bridges  —  not  the  Internet.  Anything 
short  of  this  is  merely  criminality,  and  the 
use  of  the  word  “war”  is  disingenuous  and 
naively  dangerous  in  a  world  where  we 
had  better  understand  the  difference. 

Anon 
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"Working  with  startup  companies 
on  a  tight  budget,  my  clients  know 
an  online  presence  is  needed. 

I  use  1&1  exclusively  to  satisfy 
their  requests  for  reliable  hosting 
at  affordable  rates." 

Lance  Ochs,  www.vacantpixels.com 
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Support 
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Greenpeace  rains 
on  the  cloud 

EVEN  GREENPEACE  CAN’T  resistthe 
urge  to  start  calling  everything  a  cloud.  A 
new  report  from  the  organization  warns 
that  the  growth  in  cloud  computing 
will  be  accompanied  by  a  sharp  rise  in 
greenhouse  gas  emissions,  and  calls 
on  big  companies  such  as  Facebook, 

Yahoo  and  Google  to  do  more  to 
help  the  environment.  Greenpeace 
estimates  that  the  electricity  consumed  by  the 
world's  data  centers  and  telecom  networks  -  which  it  calls 
“the  main  components  of  cloud-based  computing"  -  will  triple 
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the  enhanced  memory  features 
of  Intel’s  new  Xeon  7500  pro¬ 
cessors  featuring  the  Nehalem 
Next-Generation  Microarchitec¬ 
ture.  The  7500  includes 
up  to  eight  cores 
and  is  targeted  at 
high-end  applica¬ 
tions  such  as  data¬ 
bases  and  real-time 
business  intelligence, 
demanding  apps  that 
can  take  advantage  of 
the  processor’s  faster 
memory  access.  Intel 
has  put  four  memory 
channels  in  Nehalem-EX 
processors  to  increase 
memory  bandwidth, 
and  servers  can  include 
separate  buffered  memory 
chips  to  temporarily  store  data 
alongside  the  main  memory  for 
faster  execution.  “The  increased 


between  2007  and  2020.  It  wants  Internet  companies  to  do 
more  to  influence  the  supply  of  renewable  energy  available. 
“Ultimately,  if  cloud  providers  want  to  provide  a  truly  green  and 
renewable  cloud,  they  must  use  their  power  and  influence  to 
not  only  drive  investments  near  renewable  energy  sources,  but 
also  become  more  involved  in  setting  the  policies  that  will  drive 
more  rapid  deployment  of  renewable  electricity  generation 


memory  capability  is  huge” 
because  it  “really  does  open 
up  more  applications,”  says 
Jim  McGregor,  chief  technol¬ 
ogy  strategist  at  In-Stat.  IBM, 
NEC  and  Dell  have  all  come  up 
with  new  server  designs  to  take 
advantage  of  the  processors. 
http://tinyurl.com/yas33ce 


economy-wide,  and  place  greater  R&D  into  storage  devices 
that  will  deliver  electricity  from  renewable  sources  24/7," 
Greenpeace  said.  Sure.  OK.  But  did  you  have  to  call  it  cloud? 

tinyurl.com/ykbvm3f 
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Guarding  the  grid 

WE’RE  ONE  stepcloserto 
deploying  cyber-guards  for  the 
nation’s  electric  grid.  The  U.S. 
Department  of  Energy  has  offi¬ 
cially  opened  the  bidding  for  the 
creation  of  a  National  Electric 
Sector  Cyber  Security  Organiza¬ 
tion  that  would  protect  the  grid 
from  attack.  The  DOE  says  an 
independent  organization  is 


needed  to  identify  infrastruc¬ 
ture  vulnerabilities  and  threats, 
set  R&D  priorities,  and  enhance 
the  security  of  the  grid’s  control 
and  IT  systems,  tinyurl.com/ 
ydq8ypt 

Nehalem  all 
about  memory 

GET  READY  for  servers  that  tap 


Veteran  IT 
consolidator 
joins  DoD 

IT  CONSOLIDATION  appears 
to  be  on  tap  at  the  Depart¬ 
ment  of  Defense,  if  the  Obama 
administration’s  appointment  of 
California  state  CIO  Teri  Takai 
to  the  top  IT  job  at  the  agency 
is  any  indication.  President 
Obama  appointed  Takai  assis¬ 
tant  secretary  for  networks  and 
information  integration  at  the 
Defense  Department.  Before 
taking  the  top  California  IT  job 
in  2007,  Takai  held  the  same  job 
in  Michigan’s  state  government, 
where  she  led  an  effort  to  cen¬ 
tralize  IT  operations  —  closing 
several  dozen  data  centers  and 


TERI  TAKAI 


consolidating  40  statewide 
e-mail  systems  into  two.  Takai 
was  given  similar  marching 
orders  in  California,  where  Gov. 
Arnold  Schwarzenegger  early 
last  year  unveiled  plans  to  con¬ 
solidate  the  state’s  IT  operation 
under  the  office  of  the  state  CIO. 
The  approach  applied  by  Takai 
in  Michigan  and  California  is  in 
line  with  the  White  House  goal 
of  holding  back  on  IT  spending 
increases  while  consolidating 
IT  operations,  tinyurl.com/ 
yz7njr8 

What  can  Brown 
do  with  $1  billion? 

U  P  S  W I L  L  make  about  $1  billion 
in  technology  investments  this 
year  to  improve  the  efficiency  of 
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the  QWEST  SOLUTION:  Now  more  than  ever,  your  business  demands  that  you  identify 
inefficiencies  wherever  they  present  themselves.  As  a  single-source  provider  of  voice,  data  and 


network  solutions,  Qwest  offers  bundled  solutions  that  simplify  your  IT  operations  - —  so 
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BARRON’S  HAS  named 
Apple’s  Steve  Jobs  as  the 
"World's  Most  Valuable 
CEO”  because  “From 
iPods  to  iPads,  he 
mints  money 
for  shareholders." 

What’s  more,  Jobs  took  his  customary  $1  salary 
in  Apple’s  2009  fiscal  year,  which  ended  Sept.  27. 


Steve 
Jobs:  MVC 


MCAFEE:  ‘AMATEUR’  malware 
not  used  in  Google  attacks 


A  MISSTEP  by  McAfee  security  researchers  appar¬ 
ently  helped  confuse  the  security  research  com¬ 
munity  about  the  hackers  who  targeted  Google  and 
many  other  major  corporations  in  cyber  attacks 
last  year.  McAfee  disclosed  that  its  initial  report 
on  the  attacks,  branded  Operation  Aurora  by 
McAfee,  had  mistakenly  linked  several  files  to 
the  attacks,  files  that  had  nothing  to  do  with 
Aurora  after  all.  Aurora  is  a  sophisticated  spying 
operation,  set  up  to  siphon  intellectual  property  out  of 
major  corporations.  It  has  been  linked  to  attacks  on 
Google,  Intel,  Symantec,  Adobe,  and  other  compa¬ 
nies.  The  files  mistakenly  linked  to  Aurora  in  McAfee’s 
initial  research  are  actually  connected  to  a  still-active 
botnet  network  of  hacked  computers  that  was  created 
to  shut  down  Vietnamese  activists. 


P2P  SNITCH  wanted 


WARNER  BROS.  in  the  United  Kingdom  is  taking 
some  heat  from  Web  watchers  over  its  plans 
to  hire  an  intern  for  $26,000  a  year  to  sniff  out 
possible  piracy  activity  on  P2P  networks  and 
other  such  Web  spots. 
Suspicions  are  that  the 
company  might  encour¬ 
age  such  an  intern 
to  rat  on  his  friends, 
though  others  such 
as  Ars  Technica 
p  have  suggested 
that  pirates  them¬ 
selves  could  apply 
for  the  job  to  get 
an  inside  look  at 
the  company’s 
anti-piracy 
techniques. 
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Internet  activity 
we’re  most  con¬ 
cerned  about. 

Online  banking 


SOURCE:  VERISIGN  S  "INTERNET  TRUST 
INDEX  REPORT  .  MARCH2010 


its  operations,  with  the 
goal  of  cutting  billions 
more  from  its  costs 
over  the  longterm, 
according  to  CIO  Dave 
Barnes.  One  of  its  main 
goals  is  to  improve  the 
speed  and  efficiency  of 
its  delivery  operations. 

To  achieve  that,  UPS  is 
installing  around  200 
sensors  in  vehicles  — 
in  places  such  as  the 
brakes,  engine  box  and 
on  the  exterior  —  to  col¬ 
lect  data  and  pinpoint 
opportunities  where 
drivers  can  adjust 
their  driving  to  maximize  fuel 
efficiency.  The  company  is  also 
investing  in  more  efficient  cool¬ 
ing  technologies  at  its  two  data 
centers,  which  are  in  Mahwah, 
N.J.,  and  Alpharetta,  Ga.  The  cli¬ 
mates  there  are  relatively  cool  in 
winter,  so  during  that  period  the 
company  can  shut  off  its  chiller 
equipment  and  use  outside  air 
for  cooling,  tinyurl.com/ 

It’s  a  bird,  it’s 
a  plane...  it’s 
Supertasker 

UNIVERSITY  OF 

Utah  psychologists 
say  that  only 
2.5%  of  the 
population 
—  what  they 
call  “super¬ 
taskers”  —  can 
drive  safely  while 
yapping  on  a  hands-free 
cellphone.  Jason  Watson  and 
David  Strayer  studied  200  folks 
on  a  driving  simulator  looking 
at  factors  such  as  braking  reac¬ 
tion  time.  “Given  the  number  of 
individuals  who  routinely  talk 
on  the  phone  while  driving,  one 
would  have  hoped  that  there 
would  be  a  greater  percent¬ 
age  of  supertaskers,”  Watson 
says.  “And  while  we’d  prob¬ 
ably  all  like  to  think  we  are  the 
exception  to  the  rule,  the  odds 
are  overwhelmingly  against 
it.  In  fact,  the  odds  of  being  a 


supertasker  are  about  as  good  as 
your  chances  of  flipping  a  coin 
and  getting  five  heads  in  a  row.” 
Tails,  you  lose,  tinyurl.com/ 
yef4x6v 

Apps  take  a 
licking  and  keep 
on  ticking 

RESEARCHERS  LED  bythe 
Massachusetts  Institute  of 
Technology  and  funded  by  the 
Defense  Advanced  Research 
Projects  Agency  have  developed 
software  that  keeps  applica¬ 
tions  running  while  fending 
off  attacks.  The  ClearView 
system  detects  attacks  by 
noting  when  applications 
perform  outside  their 
normal  range,  then  tries 
a  variety  of  patches  on  the 
fly  and  chooses  the  one  that 
best  returns  the  applica¬ 
tion  to  normal.  What  sets 
ClearView  apart  from  other 
attack-mitigation  schemes  is 
that  programs  don’t  stop  run¬ 
ning  while  patches  are  chosen 
and  put  in  place,  so  users  can 
continue  to  work,  says  Martin 
Rinard,  the  lead  researcher 
on  the  project.  During  testing, 
ClearView  underwent  attacks 
designed  by  a  team  from 
security  contractor  SPARTA. 
ClearView  fixed  the  application 
in  70%  of  the  cases  in  the  first 
phase,  and  in  92%  of  the  cases  in 
the  second  phase,  Rinard  says. 
tinyurl.com/yhptsjg 
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Power  your  planet. 


We  live  on  a  planet  where  nearly  6  terabytes  of  information  are  being  exchanged  over  the  Internet  every 
second,  and  where  billions  of  connected  people  are  surpassed  in  number,  only  by  trillions  of  connected 
objects  and  devices.  Why  then  is  the  average  server  in  the  average  business  running  at  only  10%  utilization? 
It’s  hard  enough  for  businesses  to  meet  the  demands  of  a  smarter  planet  today,  much  less  the  unforeseen 
demands  of  tomorrow.  The  new  POWER7  Systems™  from  IBM  are  not  simply  servers— they’re  fully 
integrated  systems  with  the  ability  to  run  hundreds  of  virtual  servers,  helping  you  drive  up  to  90%  utilization. 
These  next-generation  systems  integrate  massive  parallel  processing,  throughput  computing  and  analytics 
capabilities  to  optimize  for  the  complex  workloads  of  an  increasingly  data-driven  world.  Learn  how  to 
power  your  planet  at  ibm.com/poweryourplanet 


Smarter  systems 


for  a  Smarter  Planet. 


Sources  for  claims  can  be  found  at  www.ibm.com/power/p7claim.  IBM,  the  IBM  logo,  ibm.com,  P0WER7  Systems,  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International  Business 
Machines  Corp.,  registered  in  many  jurisdictions  worldwide.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www  ibm.com/legal/copytrade.shtml.  ©  international  Business  Machines  Corporation  2010 
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Customers  eye  desktop  virtualization 


BY  JON  BRODKIN 

THE  GROWING  maturity  of  virtual  desktop 
technologies  and  customer  interest  in  Win¬ 
dows  7  has  virtual  desktop  infrastructure 
vendors  expecting  big  adoption  numbers  in 
2010.  But  while  most  CIOs  are  at  least  think¬ 
ing  about  desktop  virtualization,  this  year’s 
projects  may  be  limited  to  pilots  and  small 
deployments  because  of  up-front  costs  and 
technology  challenges  that  hamper  user 
experience. 

An  ITIC  survey  of  more  than  800  busi¬ 
nesses  worldwide  shows  that  31%  of  respon¬ 
dents  plan  to  implement  VDI  this  year,  more 
than  double  the  previous  year.  A  related 
technology,  application  virtualization,  is 
also  on  the  upswing  with  37%  of  respondents 
planning  implementations,  an  increase  from 
15%  the  previous  year.  Likewise,  Gartner 
has  found  that  33%  of  organizations  plan  to 
deploy  hosted  virtual  desktops  in  2010. 

The  flip  side  to  those  numbers  is  that  about 
two-thirds  of  customers  either  won’t  deploy 
desktop  and  application  virtualization  this 
year,  or  are  undecided.  There’s  good  reason 
for  that,  says  Burton  Group  analyst  Chris 
Wolf. 

“The  ROI  case  for  virtual  desktops  [over 
three  to  five  years]  is  break-even  at  best  right 
now,”  Wolf  says.  “Contrary  to  what  vendors 
are  claiming,  the  ROI  isn’t  there  for  a  large- 
scale,  server-hosted  virtual  desktop  deploy¬ 
ment.”  (See  related  story:  5  virtual  desktop 
pitfalls  at  http://tinyurl.com/yhqhrkq.) 

Some  early  adopters  say  they  have  saved 
money  by  prolonging  the  life  of  PCs  or  using 
less  expensive  thin  clients,  and  that  hosting 
desktop  images  in  the  data  center  improves 
manageability  and  makes  it  easier  to  restore 
an  employee’s  desktop  in  case  of  device 
failure. 

But  moving  desktop  images  and  applica¬ 
tions  from  a  user’s  hands  to  the  data  center 
requires  a  major  shift  in  both  IT  infrastruc¬ 
ture  and  mindset.  Network  director  John 
Turner  of  Brandeis  University  in  Waltham, 
Mass.,  has  embraced  server  virtualization 
but  is  still  skeptical  about  the  technology’s 
counterpart  on  the  desktop.  If  a  server  goes 
down,  users  can  probably  still  connect  to  the 
Internet  and  get  work  done.  But  “if  a  desk¬ 
top  shuts  down,  it’s  a  whole  different  story,” 
Turner  says.  “Folks  will  be  dead  in  the  water.” 
VDI  also  requires  significant  IT  staff  training, 
he  says. 

But  with  many  businesses  planning  to 
upgrade  to  the  Windows  7  operating  system, 
IT  departments  are  taking  a  closer  look  at 


virtual  desktop  models.  Vista  never  really 
caught  on  the  way  XP  did,  but  Windows  7  is 
another  story. 

“Windows  7  is  definitely  a  catalyst,”  Wolf 
says.  “It’s  a  good  operating  system  certainly, 
but  with  the  pending  XP  end-of-life  in  another 
four  years,  there  are  a  lot  of  enterprises  plan¬ 
ning  their  next-generation  desktops.  They 
understand  they  have  to  retool  their  desktop 
infrastructure.  That’s  causing  them  to  put 
everything  on  the  table,  including  desktop 
virtualization.” 

Wolf  believes  2010  will  be  the  year  enter¬ 
prises  “kick  the  tires,”  and  start  small  pilots. 
But  even  those  who  adopt 
desktop  virtualization 
aren’t  likely  to  virtualize 
their  entire  desktop  infra¬ 
structures  right  away,  he 
says.  “In  terms  of  whole¬ 
sale  virtualization  of  the 
desktop,  I  don’t  think 
we’re  anywhere  close  at 
this  point,”  Wolf  says. 

The  typical  CIO  has  a 
“dose  of  skepticism,”  says 
Phil  Grove,  global  direc¬ 
tor  of  end  user  services 
at  CSC,  an  IT  outsourc¬ 
ing  firm.  “There  are  not 
a  lot  of  people  doing  it  at 
scale  yet.” 

There  are  numerous 
models  for  enterprises  to 
consider  within  the  desk¬ 
top  virtualization  realm. 

There’s  presentation  vir¬ 
tualization,  which  executes  applications  on  a 
server  and  remotely  presents  the  application 
interface  to  a  user’s  endpoint  device,  accord¬ 
ing  to  Burton  Group. 

VDI  is  generally  synonymous  with  server- 
hosted  virtual  desktops,  but  is  slightly  differ¬ 
ent  than  presentation  virtualization.  Server 
virtualization  is  typically  the  back-end 
platform  for  VDI,  with  each  desktop  run¬ 
ning  inside  an  isolated  server-based  virtual 
machine. 

Other  forms  of  desktop  virtualization 
include  blade  PCs  and  client-hosted  virtual 
desktops.  A  blade  PC  runs  in  the  data  cen¬ 
ter  and  can  be  accessed  remotely  by  client 
devices,  but  each  blade  PC  can  only  serve  one 
user  at  a  time. 

Client-hosted  virtualization,  on  the  other 
hand,  puts  the  desktop  hypervisor  on  the 
desktop  machine  itself,  requiring  a  more 
robust  client  device  but  also  providing  bet¬ 
ter  options  for  offline  access.  Client-hosted 


virtualization  is  becoming  popular  with 
organizations  that  let  employees  bring  their 
own  PCs  to  work,  Grove  says. 

You  can  also  expect  some  cloud-hosted 
desktop  offerings  to  emerge.  The  vendor  Vir¬ 
tual  Bridges  has  taken  a  step  in  this  direction 
by  offering  hosted  virtual  desktops  running 
in  Rackspace  data  centers. 

VMware  and  Citrix  have  run  into  road¬ 
blocks  in  their  plans  to  build  bare-metal 
hypervisors  —  virtualization  software  that 
runs  directly  on  system  hardware  instead 
of  on  top  of  a  host  operating  system  —  for 
desktop  PCs.  But  both  companies,  as  well 
as  Microsoft,  are  stay¬ 
ing  busy  on  the  desktop 
front. 

VMware  recently 
upgraded  its  ThinApp 
application  virtual¬ 
ization  software  to 
improve  migration  of 
applications  from  older 
versions  of  Windows  to 
Windows  7.  Microsoft, 
meanwhile,  has  lowered 
the  price  of  licensing 
the  Windows  operating 
system  in  virtual  desk¬ 
top  deployments,  and 
announced  new  bundles 
with  Citrix  designed  to 
lure  customers  away 
from  VMware. 

Specifically,  Microsoft 
and  Citrix  offer  a  year’s 
worth  of  free  desktop 
virtualization  for  as  many  as  500  users  for 
companies  that  switch  from  VMware  View  to 
Citrix’s  XenDesktop  VDI  and  Microsoft  VDI. 

Whether  a  customer  opts  for  VMware, 
Citrix  or  Microsoft  on  the  virtualization 
side,  upgrades  in  Windows  7  will  increase 
the  viability  of  virtual  desktop  deployments, 
experts  say. 

IT  manger  Dan  Powers  of  Cox  Communi¬ 
cations  in  Omaha,  Neb.,  who  runs  VMware 
View  and  is  testing  Windows  7  for  a  potential 
upgrade,  says  Windows  7  desktop  images  can 
be  built  in  a  modular  fashion,  making  them 
less  data-intensive.  Whereas  Cox’s  XP  images 
are  10GB  apiece,  a  Windows  7  desktop  image 
can  be  2GB  or  even  less. 

“It’s  a  modular  approach  to  building  your 
desktop,”  he  says.  Whereas  XP  is  “an  all-or- 
nothing  deal,”  Windows  7  desktop  images 
allow  Powers  to  strip  out  unnecessary  com¬ 
ponents,  he  says.  “I  don’t  ned  this  big,  bloated 
operating  system  anymore.”  ■ 


VDI  APPEAL 


of  organiza¬ 
tions  plan  to 
deploy  hosted 
virtual  desk¬ 
tops  in  2010. 

SOURCE:  GARTNER 
RESEARCH 
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How  Google  wants  to  change  telecom 


BYBRADREED 

GOOGLE  SAYS  it  doesn’t  want  to  be  your 
Internet  service  provider;  rather,  it  wants 
to  make  your  ISP  behave  in  a  more  Google- 
friendly  manner. 

This  is  why,  over  the  past  several  years,  the 
Internet  search  giant  has  used  its  financial 
clout  and  the  strength  of  its  brand  to  make 
regular  forays  into  the  telecom  industry. 
From  lobbying  for  net  neutrality  legislation  to 
developing  its  own  mobile  phone  and  operat¬ 
ing  system  to  creating  an  experimental  high¬ 
speed  broadband  network,  Google  hasn’t 
been  shy  about  throwing  its  weight  around 
on  the  carriers’  turf. 

And  what  does  Google  want  from  all  this? 
Essentially  it  wants  to  give  carriers  less  con¬ 
trol  over  what  they  can  and  cannot  do  with 
their  networks.  For  instance,  one  goal  of  the 
Android  platform  was  to  get  carriers  to  be 
less  strict  about  what  applications  and  con¬ 
tent  they  will  allow  to  run  over  their  wireless 
networks.  Net  neutrality,  meanwhile,  will 
prevent  carriers  from  giving  priority  to  their 
own  content  over  the  content  of  rival  ISPs 
and  Internet  companies. 

Here  we  take  a  look  at  Google’s  major  tele¬ 
com  initiatives  while  breaking  down  their 
overarching  goals  and  the  level  of  success 
they  have  achieved. 

1 

Net  neutrality 

PURPOSE:  Google  isn’t  fighting  this  particu¬ 
lar  battle  alone  as  several  Internet  companies 
and  consumer  groups  have  been  advocating 
for  net  neutrality  rules  over  the  past  five  years. 
The  push  for  net  neutrality  began  in  2005, 
when  incumbent  telecom  carriers  success¬ 
fully  lobbied  the  Federal  Communications 
Commission  to  repeal  common  carrier  rules 
that  required  the  incumbents  to  allow  ISPs 
such  as  EarthLink  to  buy  space  on  their  broad¬ 
band  networks  at  discount  rates.  Both  the  Web 
companies  and  consumer  groups  feared  that 
this  would  lead  to  a  small  handful  of  large  ISPs 
consolidating  power  over  Internet  access,  thus 
giving  them  the  power  to  slow  or  degrade  com¬ 
petitors’  traffic. 

Or  as  Harold  Feld,  the  senior  vice  presi¬ 
dent  for  the  open  media  advocacy  group 
Media  Access  Project,  explained  to  Network 
World  last  year,  “Before  2005  we  didn’t  need 
[net  neutrality]  because  we  had  a  separation 
rule  where  carriers  had  to  sell  access  to  their 
underlying  network.  AT&T  and  Verizon 


were  never  allowed  to  touch  EarthLink’s  DSL 
operation.” 

So  in  lieu  of  bringing  back  common  carrier 
rules  for  telcos  and  cable  companies,  the  Web 
companies  began  pushing  for  net  neutrality 
regulations  as  the  next-best  solution.  Broadly 
speaking,  net  neutrality  is  the  principle  that 
ISPs  should  not  be  allowed  to  block  or  degrade 
Internet  traffic  from  their  competitors  in  order 
to  speed  up  their  own.  The  major  telcos  have 
uniformly  opposed  net  neutrality  by  arguing 
that  such  government  intervention  would  take 
away  ISPs’  incentives  to  upgrade  their  net¬ 
works,  thus  stalling  the  widespread  deploy¬ 
ment  of  broadband  Internet. 


Google  telecom 
by  tne  numbers 

Some  key  figures  that  illustrate 
Google’s  interest  in  telecom 

$6  million  The  amount  of  money 
Google  spent  lobbying  the  federal 
government  on  various  legislation  last 
year,  including  net  neutrality  rules. 

$60  million  —  $1.6  billion 

Broadpoint  AmTech's  estimate  of  how 
much  Google’s  experimental  fiber 
network  could  cost. 

1400  The  number  of  communities 
that  have  applied  to  host  Google’s 
new  fiber  network. 


3  million  ComScore's  estimate 
of  how  many  Android-based  phones 
have  been  sold  in  the  United  States. 


RESULTS:  As  far  as  Google  is  concerned, 
so  far,  so  good.  Last  fall  FCC  Chairman  Julius 
Genachowski  proposed  two  new  rules  to 
commission  policy  that  would  bar  carriers 
from  blocking  or  degrading  lawful  Web  traffic 
and  that  would  force  carriers  to  be  more  open 
about  their  traffic  management  practices.  The 
battle  isn’t  yet  over,  however,  as  both  Verizon 
and  AT&T  have  been  actively  fighting  final 
commission  approval  of  the  two  rules.  The 
carriers  have  argued  that  restricting  their 
ability  to  favor  certain  content  and  to  create 
tiered  services  would  take  away  their  finan¬ 
cial  incentives  to  invest  in  network  upgrades. 
Additionally,  the  carriers  have  successfully 
lobbied  several  politicians,  including  Arizona 


Sen.  John  McCain,  to  try  to  block  the  FCC’s 
proposed  net  neutrality  rules  before  they  are 
even  voted  on  by  the  commission. 

2 

tLm  ■  Android  and 
the  Google  Nexus  One 


PURPOSE:  The  Android  operating  system 
and  the  Nexus  One  smartphone  are  both  part 
of  Google’s  vision  of  having  wireless  devices 
that  aren’t  tied  down  to  any  particular  net¬ 
work.  In  other  words,  Google  wants  users 
to  eventually  be  able  to  take  their  favorite 
devices  with  them  from  one  carrier  to  another 
without  having  to  buy  a  whole  new  device. 

The  first  part  of  implementing  this  vision 
came  in  2007,  when  Google  unveiled  its  long- 
awaited  Android  open  source  mobile  oper¬ 
ating  system.  At  the  time  of  the  platform’s 
release,  Google  said  it  wanted  Android  to  be 
a  starting  point  for  spurring  innovation  in 
developing  mobile  applications  that  would 
give  users  the  same  experience  surfing  the 
Web  on  their  phone  as  they  currently  have 
on  their  desktop  computers.  In  the  two-plus 
years  since  its  debut,  Android  has  landed  on 
several  high-profile  devices,  including  the 
Motorola  Droid,  the  HTC  myTouch  3G  and 
the  Samsung  Moment.  Now  that  the  Motorola 
Backflip  has  debuted  on  AT&T’s  network,  all 
four  major  carriers  in  the  United  States  sup¬ 
port  Android-based  devices. 

But  while  Android  phones  clearly  gener¬ 
ated  a  lot  of  market  hype  over  the  past  two 
years,  they  have  also  largely  been  tied  to 
exclusivity  agreements  that  make  their  use 
dependent  on  individual  carriers.  With  this  in 
mind,  Google  late  last  year  launched  its  own 
Nexus  One  smartphone,  which  will  run  on 
both  the  T-Mobile  and  Verizon  networks.  The 
Nexus  One  doesn’t,  however,  mark  any  inten¬ 
tion  by  Google  to  get  heavily  involved  in  the 
handset  market.  Rather,  the  company  is  using 
the  Nexus  One  as  a  showcase  for  the  Android 
platform’s  potential  when  running  on  a  device 
that  has  the  most  cutting-edge  hardware  and 
software  available  on  the  market. 

RESULTS:  By  all  accounts.  Android  has 
been  a  big  hit  so  far.  The  number  of  Android- 
based  devices  grew  at  a  rapid  clip  during  the 
fourth  quarter  of 2009  and  Android  phones 
now  account  for  just  over  7%  of  all  smart¬ 
phones  sold  in  the  United  States. 

As  for  the  Nexus  One,  we  aren’t  likely  to  see 
its  full  impact  until  it  makes  its  debut  on  the 
Verizon  network  sometime  this  spring.  How¬ 
ever,  just  because  both  T-Mobile  and  Verizon 
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SCO  Group:  Die  Hard  17 


ALMOST  TWO  years  ago  I  wrote  in  this 
column  that  the  SCO  Group’s  future  was  all 
used  up.  Sorry  to  say,  just  like  a  cliche  movie 
character,  it  has  turned  out  that  the  SCO  Group  does  not  die  easily.  But 
the  end  may  finally  be  getting  closer  with  this  week’s  jury  ruling  in 
favor  of  SCO  Group  adversary  Novell. 

It  is  now  almost  seven  years  since  the  SCO  Group  gave  up  on  the  idea 
of  actually  producing  good  products  and  hitched  its  future  to  suing 
others.  In  my  first  column  on  the  topic  I  predicted  that  someone  would 
pay  off  the  SCO  Group,  but  it  turned  out  that  no  one  was  willing  to 
hold  his  nose  long  enough  to  do  so.  Well,  almost  no  one:  it  may  be  that 
Microsoft  provided  SCO  with  some  funding.  But  maybe  this  was  like 
two  skunks  mating  —  maybe  Microsoft  could  not  smell  the  stink  since 
it  has  frequently  threatened  the  same  kind  of  attacks  on  Linux  using 
secret  information  that  the  SCO  Group  was  known  for. 

For  those  of  you  who  achieved  consciousness  since  this  process 
started,  the  SCO  Group  filed  suit  against  IBM,  claiming  that  IBM  stole 
mountains  of  Unix  code  and  put  it  in  Linux  and  wanting  billions  of 
dollars  in  compensation.  It  also  threatened  various  companies  that 
were  using  Linux.  The  SCO  Group  claimed  that  it  just  wanted  to  pro¬ 
tect  its  intellectual  property  rights  but,  naturally,  refused  to  tell  anyone 
exactly  what  in  Linux  was  stolen  code.  In  other  words,  the  SCO  Group 
was  in  it  for  the  money  —  everything  else  was  window  dressing.  If 
open  source  software,  including  Linux,  had  to  die  to  enrich  the  SCO 
Group,  so  much  the  better. 

A  not  so  minor  problem  developed  for  the  SCO  Group  when  Novell 
said  that  it  had  never  transferred  the  Unix  copyrights  to  the  SCO  Group. 
If  that  were  the  case,  the  SCO  Group  would  have  no  rights  to  claim  in 
its  suit  against  IBM.  In  response,  the  SCO  Group  started  throwing 


lawyers  at  Novell  —  and  sued  Novell  for  Novell’s  claim. 

In  mid-2008 1  wrote  the  column  referred  to  first  paragraph  because 
a  judge  had  ruled  that  Novell  was  right  and  that  the  SCO  Group  had 
no  rights  with  which  to  threaten  the  world.  It  looked  like  we  had 
entered  the  SCO  Group’s  end  game,  but  it  threw  some  more  lawyers 
and  appealed. 

Another  judge  ruled  that  a  jury  should  decide  if  Novell  was  right, 
which  led  to  a  three-week  jury  trial  in  Salt  Lake  City.  That  jury  ruled 
this  week  that  Novell  was  right  in  saying  that  the  Unix  copyrights  had 
not  been  transferred. 

This  should  be  the  end.  If  the  SCO  Group  has  no  rights  it  cannot  con¬ 
tinue  the  suit  against  IBM.  In  addition,  the  SCO  Group  declared  bank¬ 
ruptcy  and  is  just  about  out  of  money.  But,  legally,  a  lawsuit  is  not  over 
until  any  appeals  are  decided,  and  where  there  is  a  lawsuit,  there  are 
lawyers  who  may  be  willing  to  take  a  chance  on  an  appeal  —  particu¬ 
larly  if  any  of  them  still  thinks  there  could  be  billions  of  IBM  dollars 
and  other  billions  of  Linux  users’  dollars  there  for  the  picking. 

I  do  hope  that  this  is  my  next-to-last  column  on  the  SCO  Group.  The 
last  column  will  be  to  celebrate  the  lack  of  yet  another  sequel  in  this 
string  of  movies,  each  of  which  has  started  like  a  horror  flick  and  ended 
on  an  upbeat  note. 

Disclaimer:  I  expect  that  Harvard,  for  some  students,  starts  like  a 
horror  flick  and  ends,  on  commencement  day,  on  a  upbeat  note  but  I 
know  of  no  university  opinion  on  the  past  ability  of  the  SCO  Group  to 
rise,  zombie  like,  from  repeated  near-death  experiences.  So  the  above 
non-movie  review  is  mine  alone.  ■ 

Bradner  is  Harvard  University's  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


will  be  supporting  the  Nexus  One,  don’t  think 
that  you  can  merely  cancel  your  subscription 
to  one  of  the  carriers  and  bring  your  device 
onto  another  network.  Since  Verizon  uses 
the  CDMA-based  EV-DO  Rev.  A  3G  technol¬ 
ogy  and  T-Mobile  uses  the  GSM-based  HSPA 
4G  technology,  Google  has  had  to  design 
two  different  Nexus  One  devices  that  will  be 
compatible  with  each  network.  So  basically, 
don’t  set  your  sights  on  carrier-hopping 
until  Google  comes  out  with  a  4G  phone  that 
can  run  on  Long-Term  Evolution,  the  GSM- 
based  4G  technology  that  has  been  adopted 
by  T-Mobile,  AT&T  and  Verizon. 
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The  experimental 
broadband  network 


PURPOSE:  This  could  be  Google’s  most 
audacious  project  to  date,  as  the  company 
announced  last  month  on  its  blog  that  it  is  con¬ 
structing  an  experimental  fiber  network  that 
it  says  will  “deliver  Internet  speeds  more  than 
100  times  faster  than  what  most  Americans 


have  access  to  today  with  1  gigabit  per  second, 
fiber-to-the-home  connections.” 

This  project  is  unlikely  to  threaten  the  big 
ISPs’  bottom  lines  since  Google  says  it  plans 
to  only  offer  access  to  the  network  in  “a  small 
number  of  trial  locations”  and  that  it  will  serve 
anywhere  from  50,000  to  500,000  people. 
But  much  like  its  efforts  with  Android  and 
the  Nexus  One,  Google’s  plan  to  deploy  a  high¬ 
speed  fiber  network  is  less  about  compet¬ 
ing  directly  with  incumbent  companies  and 
more  about  pushing  incumbent  companies  to 
change  how  they  operate. 

Or  put  another  way,  Google  is  trying  to  pres¬ 
sure  carriers  to  step  up  their  games  and  hasten 
their  plans  to  build  out  more  high-speed  net¬ 
works.  With  typical  broadband  speeds  lagging 
behind  those  in  countries  such  as  South  Korea 
and  Japan,  Google  is  seemingly  trying  to  give 
U.S.  carriers  a  kick  in  the  pants  by  saying,  “If 
we  can  build  a  network  this  fast  that  serves 
large  numbers  of  people,  so  can  you.”  And 
what’s  more,  the  Google  network  will  be  open 
access,  meaning  third-party  service  provid¬ 
ers  will  be  able  to  use  it  to  deliver  Internet  to 
their  customers.  In  this  way,  Google  is  trying 


to  bring  back  discarded  common  carrier  rules 
by  showing  that  it’s  possible  to  have  a  strong 
and  successful  fiber  network  that  third-party 
service  providers  can  use  to  wholesale  access 
to  subscribers. 

RESULTS:  The  limited  scope  of  the  net¬ 
work  means  that  it  could  easily  be  brushed  off 
as  an  interesting  novelty  that  would  make  an 
unrealistic  model  for  a  nationwide  high-speed 
fiber  network.  Even  so,  the  mere  fact  that  the 
Google  brand  is  behind  the  new  network  — 
and  the  fact  that  Google’s  other  telecom  ini¬ 
tiatives  have  had  a  good  level  of  success  so  far 
—  means  that  the  network’s  development  and 
implementation  will  garner  plenty  of  industry 
attention.  ■ 


News  Alerts 

Hate  hunting  for  stories  on  a  specific 
topic?  Let  the  news  come  to  you  with 
Network  World’s  latest  news  alerts  focus¬ 
ing  on  security,  financials,  standards, 
trade  show  news  and  vendor-specific 
news,  www.nwdocfinder.com/1002 
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TREND  ANALYSIS 


The  Internet’s  hidden  quirks 


At  IETF  meeting,  a  peek  at  the  ’Net’s  infrastructure  reveals 
hidden  oddities,  threats 


BY  CAROLYN  DUFFYMARSAN 


ANAHEIM,  CALIF.  -  The  world’s  leading 
Internet  engineers  see  many  surprising  trends 
occurring  under  the  covers  of  this  complex 
network  environment.  Among  their  findings 
are  the  evolution  of  silicon  cockroaches  —  tiny, 
mobile,  unattended  wireless  devices  —  and 
“dirty”  Internet  address  space  that  can’t  be  used 
by  network  operators.  Here  are  a  few  eye-open¬ 
ers  about  what’s  really  going  on  in  the  Internet 
infrastructure  that  were  discussed  at  a  meeting 
of  the  Internet  Engineering  Task  Force  (IETF) 
held  in  Anaheim  last  week. 

Watch  out  for  SILICON 
COCKROACHES. 

Network  operators  should  prepare  for  an 
infestation  of  silicon  cockroaches,  a  term 
used  to  describe  Internet-connected  devices 
such  as  mobile  sensors,  biomedical  systems 
and  RFID-powered  asset  trackers  that  oper¬ 
ate  without  human  administration. 

Aaron  Falk,  chair  of  the  Internet  Research 
Task  Force,  listed  silicon  cockroaches  as  a  key 
factor  in  the  Internet  becoming  a  network  of 
things,  rather  than  a  network  of  computers,  in 
the  future.  Falk  said  15  billion  devices  could  be 
hooked  up  to  the  Internet  by  2015,  a  figure  that 
will  be  “orders  of  magnitude  bigger”  than  the 
number  of  Internet-connected  people.  Silicon 
cockroaches  pose  several  threats  to  network 
operators,  including  naming,  security  and 
management  headaches  that  require  addi¬ 
tional  research,  Falk  said. 


Internet's  THIRD-LARGEST 
CARRIER  is  Google. 

If  you  thought  Internet  traffic  was  carried  by, 
well,  carriers,  think  again.  In  2009,  Google 
became  the  third  largest  global  transit  carrier 
on  the  Internet,  according  to  Craig  Labovitz, 
chief  scientist  at  Arbor  Networks.  Labovitz 
said  Google  carries  between  6%  and  10%  of 
the  Internet’s  traffic,  due  to  its  acquisition  of 
YouTube  and  its  massive  build-out  of  data 
centers.  Arbor  Networks  came  up  with  this 
figure  based  on  a  two-year  study  that  involves 
monitoring  more  than  110  ISPs  and 
content  providers  representing  25% 
\  of  the  Internet’s  inter-domain  traf¬ 

fic.  Labovitz  said  Google  is  helping 
>  change  the  topology  of  the  Inter- 

*«fc. 

net  by  creating  a  flatter,  more 
■  densely  interconnected  Internet. 
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FAREWELL  to  peer-to-peer. 

The  era  of  BitTorrent,  Kazaa,  iMesh  and 
other  peer-to-peer  (P2P)  networking  services 
appears  to  be  ending,  according  to  the  Arbor 
Networks  study  of  Internet  traffic  trends.  The 
study  measured  P2P  traffic  as  a  percentage 
of  overall  Internet  traffic  and  found  that  it 
declined  more  than  70%  between  2007  and 
2009.  Now  representing  less  than  1%  of  Inter¬ 
net  traffic,  P2P  is  the  fastest-declining  applica¬ 
tion  on  the  Internet.  The  most  popular  appli¬ 
cations  are  Web,  video  and  VPN  services.  As 
video  downloads  rise,  network  operators  are 
seeing  more  traffic  entering  their  networks 
via  Port  80,  Labovitz  said. 


were  exaggerated. 


Internet  traffic  is  growing  at  the  rate  of  45%  a 
year,  according  to  the  Arbor  Networks  study. 
Labovitz  called  this  growth  rate  “significant,” 
but  said  it  doesn’t  approach  an  exaflood  level. 
Exaflood  is  a  term  coined  in  2006  to  refer  to 
projected  growth  rates  of  Internet  traffic  that 
would  be  50  or  100  times  bigger  than  it  is 
today.  The  Arbor  Networks  study  estimates 
the  Internet’s  total  inter-domain  traffic  vol¬ 
ume  per  month  was  a  large-but-manageable 
9  exabytes  in  2009. 

Should  Teredo  be  TERMINATED? 

Teredo  is  a  tunneling  mechanism  that  was 
designed  to  help  transition  the  Internet  from 
IPv4,  the  current  version  of  the  Internet  Pro¬ 
tocol,  to  the  long-anticipated  upgrade  known 
as  IPv6.  Teredo  encapsulates  IPv6  packets 
inside  IPv4  packets  for  transit  over  network 
address  translation  devices  and  IPv4  back¬ 
bone  networks. 

The  latest  Internet  statistics  show  only  a 
trickle  of  Teredo  traffic.  This  is  despite  the 
backing  of  Microsoft,  which  built  Teredo  capa¬ 
bilities  into  Windows  XP,  Vista  and  Windows 
7,  and  Hurricane  Electric,  which  operates  a 
Teredo  relay  service.  Geoff  Huston,  chief  sci¬ 
entist  at  APNIC,  estimates  that  Teredo  repre¬ 
sents  only  5%  of  IPv6  tunneling  traffic,  down 
from  as  much  as  20%  in  2008.  An  alternative 


tunneling  mechanism  known  as  6to4  is  gain¬ 
ing  in  popularity,  with  Comcast  seeing  a  500% 
increase  in  6to4  traffic  in  the  last  30  days. 

“The  folks  doing  6to4  tunneling  as  a  per¬ 
centage  of  IPv6  folks  is  increasingly  rapidly, 
while  the  number  of  folks  doing  Teredo  is 
really  low,”  Huston  said.  “I’m  not  sure  we  need 
[Teredo.]”  Huston  estimates  that  tunneling  of 
IPv6  traffic  inside  IPv4  packets  represents 
around  10%  of  IPv6  sessions. 

How  much  remaining  IPv4 

ADDRESS  SPACE  IS  “DIRTY?” 

One  topic  that’s  coming  up  in  the  IPv6  com¬ 
munity  is  the  prevalence  of  “dirty”  IPv4 
address  space,  which  refers  to  unallocated 
prefixes  that  are  used  by  various  organiza¬ 
tions  to  number  their  internal  networks.  Marc 
Blanchet,  an  IPv6  expert  with  consultancy 
Viagenie,  says  that  of  24  unallocated  prefixes 
he  reviewed,  22  were  “dirty”  and  only  two 
were  “clean.”  The  worry  is  that  if  a  network 
operator  starts  broadcasting  one  of  these 
“dirty”  IPv4  prefixes,  users  will  be  shut  off 
from  sites  and  networks  that  use  that  prefix 
internally.  The  issue  is  important  given  that 
the  Internet  is  expected  to  run  out  of  IPv4 
address  space  by  2012.  The  regional  Internet 
registries  said  in  January  that  less  than  10%  of 
IPv4  addresses  remain  unallocated. 

Sweden:  NOT  AS  SECURE 
as  you  think. 

Sweden  has  been  considered  ^  : 
a  leader  in  DNS  security  since 
2006,  when  it  became  the  first 
country  to  support  DNS  Secu¬ 
rity  Extensions  (DNSSEC)  on  .se,  its  country 
code  top-level  domain.  DNSSEC  prevents 
hackers  from  redirecting  Web  traffic  from  a 
legitimate  Web  site  to  a  fake  one  by  adding  a 
layer  of  encryption  to  the  DNS. 

However,  the  largest  domain  name  regis¬ 
trars  in  Sweden  are  not  supporting  DNSSEC, 
admitted  Patrik  Faltstrom,  a  DNSSEC  expert 
and  long-time  IETF  participant. 

“The  banks  in  Sweden  are  not  signing  their 
names,”  Faltstrom  said,  adding  that  only  2% 
of.se  domain  names  are  signed.  “The  pick-up 
rate  in  Sweden  has  been  very,  very  slow....Only 
governments  and  regulators  are  jumping  in.” 

The  Czech  Republic  has  the  highest  num¬ 
ber  of  signed  domains  with  its  .cz  domain, 
Faltstrom  says.  The  Czech  Republic  began 
supporting  DNSSEC  in  2009.  ■ 
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The  Right  Technology.  Right  Away.’ 


SPECIAL  FOCUS 


Dos  and  don’ts  of  endpoint  security 

The  list  of  possible  products  that  can  help  secure  the  ever-increasing  number 
of  corporate  network  endpoints  grows  and  grows.  It’s  impossible  to  use  them 
all  or  to  100%  ensure  that  endpoints  never  fall  prey  to  attacks,  so  it  is  key  to 
weigh  the  pros  and  cons  of  each  product  and  whether  it  fits  the  environment 
being  protected.  Here  are  some. 


Pros 

Cons 

PERSONAL 

FIREWALL 

Can  lock  down  devices 
as  necessary  and 
provide  valuable  network 
traffic  information  via 
aggregated  logs. 

Too  many  rule  sets  across 
different  employee  groups 
can  complicate  management, 
and  overly  restrictive  policies 
can  cause  user  backlash. 

HOST-BASED  IPS 

Can  screen  encrypted 
traffic  because  it  is  being 
decrypted  at  the  host. 

Can  take  a  toll  on 
host  processors  and 
maintaining  distributed 

IPS  can  be  a  burden. 

SECURITY 

SUITES 

One  vendor  to  deal  with, 
integrated  functionality, 
one  dashboard,  can 
be  pricing  breaks. 

Rules  out  best-of-breed 
option,  may  pay  for  more 
features  than  required. 

DATA  LOSS 
PREVENTION 

Provides  granular  control 
over  what  devices  do  with 
data,  extends  controls 
beyond  the  wired  enterprise. 

To  be  effective,  unstructured 
data  needs  to  be  classified. 

►  Endpoint,  from  page  1 

For  instance,  Wyoming  Medical  Center  in 
Casper,  has  four  classifications  of  PCs  —  open 
PCs  in  hallways  for  staff  use;  PCs  at  nursing 
stations;  PCs  in  offices;  and  PCs  on  wheels 
that  move  between  patient  rooms  and  handle 
specific,  limited  applications,  says  Rob  Petti¬ 
grew,  manager  of  technical  systems  and  help 
desk  for  the  center. 

Pettigrew  is  deploying  Novell  Zen  Works 
to  850  of  the  center’s  900  PCs  in  order  to 
make  sure  each  class  has  the  right  software. 
With  110  applications  and  40  major  medical 
software  systems  that  makes  a  huge  matrix 
of  machine  types  and  restrictions  to  contend 
with,  he  says. 

In  addition,  physicians  in  affiliated  clinics 
can  access  via  SSL  VPN,  but  they  are  limited 
to  reaching  Web  servers  in  a  physician’s  por¬ 
tal  that  is  protected  from  the  hospital  data  net¬ 
work.  Some  Citrix  thin-clients  are  also  used 
to  protect  data  from  leaving  the  network,  but 
overall  the  strategy  for  unmanaged  machines 
is  a  work  in  progress,  Pettigrew  says. 

One  concern  that  can  be  addressed  by  end¬ 
point  security  is  data  privacy,  which  is  para¬ 
mount  for  the  Los  Angeles  County  Depart¬ 
ment  of  Health  Services  in  California,  says 
Don  Zimmer,  information  security  officer  for 
the  department.  He  supports  about  18,000 
desktops  and  laptops  and  operates  under  the 
restrictions  of  Health  Insurance  Portability 
and  Accountability  Act  regulations.  That 
means  disk  encryption,  he  says. 

“If  it’s  not  encrypted  and  there  is  a  breach, 
then  we  have  to  start  calling  people,”  he  says. 
To  avoid  violating  patients’  privacy  and  a  loss 
of  public  trust  the  department  encrypts  the 
drives  of  all  the  PC  endpoints  with  software 
from  PointSec. 

Equally  important  is  keeping  sensitive 
information  off  movable  media  that  can 
plug  into  USB  ports.  The  department  uses 
Safend’s  USB  Port  Protector  product  that 
either  denies  access  to  sensitive  documents 
or  requires  that  they  be  encrypted  and  pass- 
word-protected  before  being  placed  on  the 
removable  device. 

Zimmer  says  he  is  looking  into  data-loss 
prevention  software  as  well  that  can  restrict 
the  access  individual  devices  have  to  data. 
While  the  technology  can  be  effective,  it  also 
requires  that  businesses  locate  and  classify 
their  data  so  they  can  set  policies  surround¬ 
ing  it  —  a  job  that  can  seem  insurmountable 
depending  on  how  data  has  been  stored. 

For  Pettigrew,  this  means  finding  the  5%  of 
sensitive  data  stored  outside  the  medical  cen¬ 
ter’s  electronic  medical  records  system. 

Rather  than  deal  with  many  vendors  for 


specific  endpoint  protection  products,  some 
businesses  opt  for  endpoint  security  suites, 
such  as  those  that  evolved  from  the  antivirus 
roots  of  vendors  McAfee  and  Symantec. 

Sam  Ghelfi,  CSO  at  financial  firm  Raymond 
James,  opted  for  Sophos’  Endpoint  Protection 
and  Data  Security  Suite,  which  offers  firewall, 
antivirus,  data-loss  prevention,  antispyware, 
encryption  and  network  access  control  (NAC). 
The  company  wants  tight  control  over  what 
Web  content  is  available  to  users  to  minimize 
the  malware  coming  in  via  basic  Web  brows¬ 
ing.  The  company  uses  a  Sophos  Web  proxy 
to  filter  sites  based  on  reputation  but  also  the 
content  that  sites  return. 

Mobile  devices  that  could  contain  confiden¬ 
tial  company  information  are  disk  encrypted, 
again  using  Sophos  agents.  If  a  device  is  lost 
or  stolen,  the  encryption  key  is  wiped  out 
making  it  impossible  to  decrypt  the  contents 
of  the  hard  drive. 

Ghelfi  says  he  believes  in  personal  firewalls 
on  individual  machines  because  they  can 
stop  groups  of  devices  from  talking  to  other 
groups.  Centrally  managed,  they  can  reveal 
network  traffic  patterns,  he  says. 

He  doesn’t  use  all  the  features  of  the  Sophos 
suite,  though.  For  instance,  he  is  just  getting 
around  to  implementing  NAC  to  let  unman¬ 
aged  guest  machines  get  on  the  network  but 
still  minimize  risk  that  they  are  infected. 


That  will  clear  them  based  on  authentica¬ 
tion,  access  method  and  type  of  machine,  but 
for  contractors  that  require  access  to  the  main 
network,  he  also  insists  that  they  install  the 
Sophos  suite.  Other  unmanaged  machines 
such  as  those  of  guests  are  allowed  access  only 
through  a  dedicated  wireless  network  that 
leads  to  a  limited  set  of  servers  in  a  network 
segment  flanked  by  firewalls,  he  says. 

Such  endpoint  security  suites  can  be 
attractive  financially,  Jabbusch  says,  because 
customers  can  wind  up  with  reduced  agent, 
license  and  support  fees  and  less  management 
overhead.  There  may  be  a  certain  amount  of 
convenience  if  customers  decide  to  layer  on 
more  applications  within  a  suite. 

The  newest  class  of  device  —  smartphones 
—  is  presenting  ongoing  challenges.  Particu¬ 
larly  dicey  is  whether  to  allow  employees  to 
use  their  personally  owned  devices  for  busi¬ 
ness  and  to  access  the  business  network. 

A  Forrester  Research  survey  says  73%  of 
businesses  surveyed  are  at  least  somewhat 
concerned  about  smartphones  being  autho¬ 
rized  for  business  use. 

Jabbusch  says  the  type  of  smartphone  is  a 
factor.  “I  can’t  imagine  allowing  an  iPhone,” 
she  says.  “A  BlackBerry  is  somewhat  better," 
because  BlackBerries  have  a  management 
infrastructure  and  the  devices  can  be  locked 
down  to  corporate  policies.  ■ 


16  APRIL  5, 2010  www.networkworld.com 


TREND  ANALYSIS 


►  Microsoft ,  from  page  1 

around  technologies  that  many  felt  Microsoft 
attempted  to  control  in  a  closed  environment, 
according  to  industry  watchers.  For  others, 
not  much  changed  and  Microsoft  continues 
to  capitalize  on  its  market  strengths,  pum- 
meling  competition  where  it  can. 

“The  potential  was  there  to  shatter  Micro¬ 
soft.  I  envisioned  a  whole  new  world  as  seen 
through  my  IT  goggles,”  says  Greg  Topf, 
director  of  IT  at  NewBay  Media  in  New  York 
City.  “I  knew  Microsoft  was  always  the  800- 
pound  gorilla.  I  really  figured  major  changes 
would  be  coming,  the  implications  from 
the  ruling  really  held  the  potential  to  cause 
Microsoft  to  totally  re-architect  itself.  Hon¬ 
estly,  the  whole  change  was  a  lot  smaller  than 
I  envisioned.” 

The  good 

Microsoft,  which  declined  to  comment  for 
this  story,  has  lost  some  market  share  to  com¬ 
petitive  browsers,  yet  the  company  seems  to 
be  making  strides  with  its  plans  around  IE  9 
and  standardizing  HTML5. 

“Microsoft  has  shown  they  really  want  to 
lead  the  way  with  HTML  5  and  not  follow 
others  with  innovation.  Their  leadership  here 
will  help  Microsoft  deliver  IE9  as  a  truly  mod¬ 
ern  browser  and  demonstrates  how  seriously 
they  are  taking  this  effort,”  says  Forrester 
Research  analyst  Sheri  McLeish.  “From  the 
browser  perspective,  people  can  have  mul¬ 
tiple  browsers  and  it  is  important  Microsoft 
innovate  in  this  technology  to  stay  as  close  to 
customers  as  possible.” 

And  Microsoft  continues  to  dominate  with 
its  Windows  operating  system,  holding  91% 
market  share,  according  to  Net  Market  Share, 
and  seeing  eager  anticipation  and  accelerat¬ 
ing  adoption  of  the  latest  revision,  Windows 
7.  According  to  a  2009  report  by  McLeish, 
80%  of  enterprise  customers  use  some  ver¬ 
sion  of  Microsoft  Office  for  productivity  and 
collaboration,  with  8%  choosing  alternatives. 
And  many  are  anticipating  adopting  Micro¬ 
soft  Office  2010  to  meet  emerging  needs, 
according  to  Forrester. 

“Microsoft  continues  to  leave  its  computing 
fingerprints  on  most  desktops,”  McLeish  says. 
“But  the  scrutiny  ensured  Microsoft  couldn’t 
monopolize  the  market  so  now  companies 
like  Google  can  also  make  a  concerted  effort 
to  own  the  desktop  experience  from  browser 
to  application  to  operating  system.” 

One  positive  shift  that  might  not  be  appar¬ 
ent  in  market  share  numbers  is  Microsoft’s 
commitment  to  interoperability  with  third- 
party  and  open  source  systems. 

Rob  Enderle,  principal  analyst  at  the 


Microsoft  through 
the  years 

The  U.S.  Department  of  Justice 
waged  a  years-long  battle  against 
Microsoft,  ensuring  the  software 
giant  was  not  partaking  in  anti¬ 
competitive  practices,  ultimately 
winning. 

Nov.  4,  2002:  The  European  Com¬ 
mission  confirms  plans  to  uphold 
European  Union  law  in  its  own  probe 
into  Microsoft,  legally  separate  from  the 
U.S.  case. 

Nov.  1,  2002:  Judge  Colleen  Kollar- 
Kotelly  rules  that  a  proposed  settle¬ 
ment  meets  the  requirements  of  public 
interest. 

April  3,  2000:  U.S.  District  Court 
Judge  Thomas  Penfield  Jackson 
rules  that  the  software  giant  violated 
antitrust  laws  and  acted  to  hold  onto 
its  power  over  industry  competitors. 
Microsoft  immediately  appeals. 

Oct.  27, 1997:  The  Justice  Depart¬ 
ment  files  a  complaint  demanding  a 
$l-million-a-day  fine  against  Microsoft 
for  its  alleged  violation  of  an  earlier 
consent  decree. 

Aug.  19, 1997:  The  Justice  Department 
wants  to  determine  if  Microsoft’s  $150 
million  investment  in  Apple  Computer, 
or  its  equity  stakes  in  three  companies 
that  develop  Internet  streaming  tech¬ 
nologies,  could  squelch  competition. 

July  1994:  Microsoft  settles  antitrust 
charges  with  the  Justice  Depart¬ 
ment,  signing  on  to  a  consent  decree 
that  forbids  the  company  from  using 
its  operating  system  dominance  to 
squash  competition. 


Enderle  Group,  points  out  the  company’s 
internal  R&D  efforts  as  well  as  an  internal 
Linux  group  devoted  to  Microsoft’s  “mas¬ 
sive  effort  with  interoperability.”  In  the 
1990s,  Microsoft  pushed  its  closed  environ¬ 
ment,  requiring  hardware  makers  to  meet 
its  specifications,  but  this  century  Enderle 
says  the  company  realized  the  potential  to 
innovate  faster  by  working  with  others,  even 
competitors. 

“The  DoJ  and  the  EU  served  as  a  slap  in 
the  face  to  Microsoft  to  lift  its  head  up  and 
see  what  was  happening  in  the  world  of  tech¬ 
nology  outside  of  its  R&D,”  Enderle  says. 
“Microsoft  in  the  1990s  seemed  invincible, 
but  the  case  allowed  other  products  to  come 


to  market  to  address  challenges,  faster  than 
if  one  company  worked  on  them,  and  now 
Microsoft  seems  a  bit  less  arrogant  because  if 
you  hit  someone  in  the  pocket  hard  enough 
you  will  force  them  to  change.” 

The  bad 

One  thing  the  lawsuit  didn’t  change  was 
Microsoft’s  ambition  to  create  a  significant 
presence  in  many  markets. 

“Windows  Mobile  represents  one  of  the 
tougher  failures,  because  they  just  completely 
didn’t  do  it  right.  The  Zune  was  positioned 
against  Apple,  in  an  attempt  to  be  relevant, 
but  didn’t  take  off  as  hoped,”  says  Jonathan 
Edwards,  research  analyst  at  IDC. 

For  IT  professionals,  worse  than  mis¬ 
fired  product  efforts  is  the  fact  that  little 
has  changed  with  the  software  giant.  The 
company,  while  committing  in  part  to  stan¬ 
dards  efforts,  hasn’t  done  enough  for  some 
customers. 

“Microsoft  still  needs  to  learn  to  be  less 
proprietary.  If  every  software  company  in 
the  world  opened  themselves  up  to  stan¬ 
dards,  it  would  be  a  lot  easier  place  to  live 
in,”  says  Craig  Bush,  network  administrator 
at  Exactech,  a  maker  of  orthopedic  implant 
devices  and  related  surgical  instrumentation, 
in  Gainesville,  Fla.  “[Microsoft]  also  needs 
to  improve  their  ridiculously  complicated 
licensing  structures.  Some  of  the  software 
applications  I  administer  are  so  hamstrung 
by  the  licensing  that  it’s  extremely  time-con¬ 
suming  to  work  with  them.” 

Others  think  that  Microsoft  made  some 
headway  in  its  browser  technology,  but 
hasn’t  achieved  what  competitors  have  when 
it  comes  to  the  user  experience  on  the  desk¬ 
top.  For  instance,  the  company  may  offer  the 
choice  of  other  browsers,  but  Microsoft  still 
requires  IT  pros  tap  IE  to  get  there. 

“I  find  it  ironic  to  start  up  IE  to  download  a 
new  browser,  kind  of  like  saying,  ‘Thanks  for 
the  ride  to  Chrome,  I’m  done  with  you  now!”’ 
says  John  Turner,  director  of  networks  and 
systems  at  Brandeis  University  in  Waltham, 
Mass.  “Microsoft  will  always  be  suspect  in  that 
way.  Every  time  I  install  a  fresh  copy  of  Win¬ 
dows  and  start  IE  so  I  can  download  Firefox  or 
Chrome,  I  cringe  at  the  ads  and  pop-ups  Micro¬ 
soft  puts  in  to  try  to  get  me  to  stick  to  IE.” 

Naveed  Husain,  CIO  at  Queens  College,  a 
City  University  of  New  York  public  educa¬ 
tional  institution,  says  despite  efforts  Micro¬ 
soft  isn’t  innovating  as  well  as  competitors. 

“Microsoft  has  slowed  down,  and  it  is  now 
becoming  the  IBM  of  yesteryear,”  he  says. 
“SharePoint  and  Windows  7  are  now  the  lead¬ 
ing  products  for  Microsoft.  There  seems  to  be 
less  movement  on  the  side  of  innovation.”  ■ 
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Turing  machines, 
CAs  and  the  universe 

This  week  we’ll  venture  in  the  realm 
of  theory  for  a  change,  starting  with  Tur¬ 
ing  machines.  In  case  some  of  you  don’t 
know  what  a  Turing  machine  is,  here  is 
the  Wikipedia  definition:  “A  theoreti¬ 
cal  device  that  manipulates  symbols 
contained  on  a  strip  of  tape.”  It  is  not  a 
practical  computing  device,  but  rather  “a  thought 
experiment  representing  a  computing  machine.” 


And  why  bring  this  up?  A  guy  named  Mike 
Davey  has  actually  built  a  classic  Turing 
machine  that  really  works  (see  http://atur- 
ingmachine.com)! 

Unlike  Turing’s  thought  experiment,  this 
one  doesn’t  have  an  infinite  tape  but  instead 
uses  a  1,000-foot  roll  of  35mm  film  leader 
(that’s  infinite  enough  for  practical  purposes). 

The  write  head  that  creates  symbols  on  the 
tape  is  a  black,  erasable  marker  and  erasing 
symbols  is  done  by  a  felt  pad  that  is  lowered 
onto  the  tape  when  needed.  The  symbols  on  the 
tape  are  “read”  by  a  camera 
and  the  whole  apparatus  is 
driven  by  a  Parallax  Pro¬ 
peller  microcontroller. 

The  entire  project,  both 
hardware  and  software, 
is  open  source  and  I  want 
one! 

There’s  a  type  of  Turing 
machine  that  most  people 
in  IT  will  have  heard  of: 

Cellular  Automata  (CA). 

These  are  computational 
systems  based  on  grids 
that  can  have  one,  two,  three  or  more  dimen¬ 
sions.  The  cells  that  make  up  the  grid  have  two 
or  more  states  and  to  begin  there  is  some  start¬ 
ing  configuration  of  cells  in  various  states.  A 
set  of  rules  determine  the  next  state  of  each 
cell  in  the  grid  with  the  resultant  state  being 


dependent  on  the  cell’s  own  states  and  the 
states  of  its  neighbors  (usually  the  states  of  its 
immediate  neighbors).  Normally  the  states  of 
all  the  cells  change  simultaneously  so  time  in 
this  system  moves  forward  in  discrete  steps. 

For  example,  in  the  classic  Conway’s  Game 
of  Life,  a  simple  orthogonal  grid  in  two  dimen¬ 
sions  constitutes  the  world.  The  states  of  the 
eight  neighbors  adjacent  to  each  cell  are  exam¬ 
ined  and  the  sum  of  their  states  determines 
the  cell’s  next  state.  In  Life  the  rules  are  very 
simple,  but  the  results  can  be  spectacular, 
often  with  complex  pat¬ 
terns  forming,  moving, 
growing  and  dying. 

If  you  should  want 
more  Turing  machine 
stuff  check  out  the  dem¬ 
onstrations  on  Wolfram 
Research’s  site  (tinyurl. 
com/yewmzc4),  the 
home  of  Mathematica, 
the  amazing  legendary 
mathematical  computa¬ 
tion  program. 

Wolfram  offers  a  free 
player  that  will  execute  Mathematica  Note¬ 
books  (collections  of  formulae  that  are  ready 
to  be  executed)  and  the  site  offers  26  Turing 
machine  demonstrations. 

I’d  also  advise  checking  out  Stephen 
►  See  Gearhead.page  22 


IT  asked 
and  answered 

Ron  Nutter  and  Steve  Blass 

tackle  your  tough  tech  questions 


z:  I’ve  need  a  load  balancer 
zz  that  is:  1)  user  friendly 
E  since  this  will  also  be  used 
EE  by  our  eCommerce  depart- 
EE  ment;  and  2)  costs  less  than 
=  $20,000.  Right  now  I  have 

z  my  eye  on  Coyote  Point,  F5, 
z:  Brocade  and  Kemp.  -  a2thed 

~  ©Given  the  importance  of  the 
z  eCommerce  operations,  I  think  it 
zz  would  be  prudent  to  setup  a  test 
zz  network  and  ask  each  vendor 
EE  forevaluation  units.  I  would  also 
~~  ask  for  references  on  the  units 
(both  good  and  bad),  and  talk  to 
z  your  application  suppliers  to  see 
z  if  they  support  any  of  the  sys- 
zz  terns  or  know  of  configuration 
zz  changes  that  will  be  needed  to 
EE  optimize  performance.  You  will 
EE  also  want  to  look  at  how  often 
~  updates  are  released  and  what 
Z  is  fixed.  This  should  tell  you  how 
z  responsive  the  company  is  and 
zz  if  it  tries  to  fix  just  one  thing  or 

—  several  things  at  the  same  time. 

EE  Especially  when  using  some- 

EE  thing  like  this  in  eCommerce. 

z  Also  look  at  the  process  of 

z  rolling  back  to  a  previous  release 
z  of  firmware  in  the  event  that 
zz  the  new  firmware  either  doesn't 
zz  fix  the  problem  or  creates  new 
E*  problems.  Look  at  what  hap- 
EE  pens  during  a  firmware  update. 

™  Does  the  unit  fail  to  wire  and  go 

3  into  bypass  while  the  update  is 

z  being  processed?  Load  balanc- 

zz  ing  systems  are  typically  not 

EE  plug  and  play.  It  may  take  a  sys¬ 
tem  engineer  from  the  vendor  to 
EE  get  the  system  up  and  running, 

—  so  consider  if  the  vendor  can  do 

z  that  or  if  you'll  need  to  engage 

zz  its  professional  service  folks? 


The  entire  project, 
both  hardware 
and  software, 

is  open  source 
and  I  want  one! 
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1&1®  Dynamic  Cloud  Server  -  basic  configuration  includes: 

1  Virtual  Core  of  a  Quad-Core  AMO  Opteron™ 
Processor  2352 

%/  1  GB  RAM 

^  lOO  GB  web  space 

%/  Guaranteed  resources  (just  like  a  dedicated  server!) 


$24 
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per  month* 

(first  6  months) 


More  server  offers  are  available  online.  Visit  our  website  for  details. 


‘Offer  valid  for  a  limited  time  only.  50%  discount  applies  to  basic  configuration  only.  12  month  minimum  contract  term  and  set  up  fee  apply.  Visit  website  for  full  promotional 
offer  details.  Program  and  pricing  specifications  and  availability  subject  to  change  without  notice.  1&1  and  the  1&1  iogo  are  trademarks  of  1&1  Internet  AG,  all  other  trademarks 
are  the  property  of  their  respective  owners.  ©  2010  1&1  Internet,  Inc.  All  rights  reserved. 
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Home  wireless  vendors 
aim  to  simplify  routers 


IF  IT'S  BEEN  awhile  since  you’ve  purchased  or  upgraded  your  home  wireless  network 
equipment,  you’re  not  alone.  Sales  of  home  wireless  gear  have  been  pretty  flat,  leading  to 
several  theories  as  to  the  reason  why.  Some  feel  that  the  current  technology  of 802.11g  and/ 
or  802.11n  products  is  good  enough  for  most  home  setups,  while  others  suggest  that  the  com¬ 
plexity  of  setup  prevent  new  users  from  buying  and  installing  these  products. 


Whatever  the  reason,  ven¬ 
dors  are  attempting  new 
approaches  to  try  to  increase 
sales,  including  Cisco  and  Bel¬ 
kin.  The  two  companies  recently 
announced  products  to  address 
some  of  these  issues. 

Belkin  designed  its  four  new 
routers  around  the  concept  of  what 
users  do  with  the  devices  —  the  Surf 
($50),  Share  ($80),  Play  and  Play  Max 
Wireless  Routers  include  applications 
in  addition  to  the  basic  wireless  routing 
functions.  All  of  the  routers  include  a  Self- 
Healing  app  that  automatically  detects 
and  resolves  network  problems,  and  runs 
routine  maintenance  scans.  A  Print  Genie 
application  lets  users  wirelessly  print  from 
any  computer  on  the  network,  and  the  Mem¬ 
ory  Safe  application  can  automatically  back 
up  files  to  a  separate  external  hard  drive. 

The  higher-end  Play  ($100)  and  Play  Max 
($130)  versions,  which  include  dual-band 
802. lln  technology,  are  aimed  at  users  who 
want  to  stream  HD 
movies,  play  games 
online  and  download 
large  media  files.  Appli¬ 
cations  on  the  Play  and 
Play  Max  include:  the 


Cisco's  new  line 
of  Linksys  wireless 
routers  includes 
a  variety  of  form 
factors. 


Music  Mover,  which  lets  you  play  your  music 
library  on  the  Xbox  360  or  Playstation  3;  and 
the  Daily  DJ  app,  which  analyzes  the  “musi¬ 
cal  DNA”  of  your  music  and  creates  playlists 
around  three  different  moods.  The  Play  Max 
router  also  includes  Torrent  Genie  (down¬ 
load  large  media  files  when  the  computer 
isn’t  on),  and  Bit  Boost,  which  prioritizes 
traffic  on  the  network  for  video,  gaming 
and  VoIP  traffic. 

Cisco  last  week  launched  a  line  of 
Linksys  wireless  routers.  To  address  the 
complexity  issue,  Cisco’s  Valet  series 
offers  users  an  easier  way  to  set  up 
their  home  networks.  The  Valet  sys¬ 
tems  come  with  a  USB  “Easy  Setup 
Key”  that  users  plug  into  their  PC 
or  Mac,  and  the  new  Cisco  Connect 
software  sets  up  the  system  in  three 
steps.  Settings  are  stored  on  the  USB  key,  which 
then  connects  to  other  PCs  to  add  them  to  the 
network.  The  software  also  provides  parental 
controls  and  the  ability  to  set  up  Internet  access 
for  guests. 

Two  versions  are  available  —  the  Valet  costs 
$100  and  is  aimed  at  small  or  midsize  homes 
with  mostly  wireless  clients;  the  Valet  Plus 
costs  $150  and  is  aimed  at  homes  with  a  mix 
of  wireless  and  wired  clients.  The  Valet  Con¬ 
nector  ($80)  upgrades  older  computers  to  the 
new  network. 

For  tech  enthusiasts,  Cisco  also  announced 
its  E  Series  of  routers,  ranging  from  the  E1000 
($80),  the  E2000  ($120)  and  the  high-end, 
dual-band  E3000  ($180).  The  company 
also  announced  the  E2100L,  which 
includes  a  Linux  operating  system.  All 
of  these  routers  will  also  include  the 
new  Cisco  Connect  Software.  ■ 


Shaw  can  be  reached  at  kshaw@ 
nww.com.  Follow  him  on  Twitter  at 
http://twitter.com/shawkeith. 
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►  Gearhead ,  from  page  20 

Wolfram’s  2002  book,  “A  New  Kind  of 
Science”,  wherein  Mathematica’s  cre¬ 
ator  argues  that  “it  is  possible  to  view 
every  process  that  occurs  in  nature 
or  elsewhere  as  a  computation.”The 
science  of  Turing  machines  is  at  the 
heart  of  this  work. 

This  treatise  is  heady  stuff  and, 
should  you  opt  to  buy  Wolfram’s 
book  rather  than  peruse  it  online, 
make  sure  you  keep  a  firm  hold 
of  the  tome;  at  1,197  pages  it  could 
cause  serious  damage  to  your  toes  if 
dropped. 

To  end  this  week,  I  leave  you  with 
some  speculative  physics  based  on 
the  idea  of  CAs  and  which  is  firmly  in 
Wolfram’s  theoretical  territory:  The 
idea  that  universe  is  actually  one  vast 
cellular  automaton. 

This  theory  was  proposed  in  1967 
by  Konrad  Zuse,  who  also  designed 
the  first  high-level  programming 
language  and  formed  a  very  early 
computer  company  in  1946  funded 
by  patents  licensed  to  the  then  very 
young  IBM. 

I  shall  leave  you  to  follow  that 
rabbit  hole,  wherever  it  might  take 
you.  ■ 

Gibbs’s  universe  is  Ventura,  Calif. 
Your  calculations  to  gearhead@ 
gibbs.com. 
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ENTERPRISE  CLOUD  COMPUTING 


Cloud  vendors  ace  groundbreaking  test 

Terremark,  Rackspace,  BlueLock  deliver  fast,  secure  cloud  services 


BYTOM  HENDERSON  AND  BRENDAN 
ALLEN, EXTRE  MELABS 

The  potential  benefits  of  public 
clouds  are  obvious  to  most  IT 
execs,  but  so  are  the  pitfalls  — 
outages,  security  concerns,  com¬ 
pliance  issues,  and  questions 
about  performance,  management,  service- 
level  agreements  and  billing.  At  this  point, 
it’s  fair  to  say  that  most  IT  execs  are  wary  of 
entrusting  sensitive  data  or  important  appli¬ 
cations  to  the  public  cloud. 

But  a  technology  as  hyped  as  cloud  com¬ 
puting  can’t  be  ignored  either.  IT  execs  are 
exploring  the  public  cloud  in  pilot  programs, 
they’re  moving  to  deploy  cloud  principles 
in  their  own  data  centers,  or  they  are  eyeing 
an  option  that  goes  by  a  variety  of  names  — 
enterprise  cloud,  virtual  private  cloud  or 
managed  private  cloud. 

We’re  using  the  term  enterprise  cloud  to 
mean  an  extension  of  data  center  resources 
into  the  cloud  with  the  same  security,  audit 
and  management/administrative  components 
that  are  best  practices  within  the  enterprise. 

In  this  first-of-its-kind  test,  we  invited 
cloud  vendors  to  provide  us  with  20  CPUs 
that  would  be  used  for  five  instances  of 
Windows  2008  Server  and  five  instances  of 
Red  Hat  Enterprise  Linux  —  two  CPUs  per 
instance.  We  also  asked  for  a  40GB  internal 
or  storage-area  network/iSCSI  disk  connec¬ 
tion,  and  1Mbps  of  bandwidth  from  our  test 
site  to  the  cloud  provider.  And  we  required  a 
secure  VPN  connection. 

Rackspace,  Terremark  and  BlueLock 
accepted  our  invitation.  Amazon  did,  then 
did  not  and  refused  to  communicate  further. 
The  services  we  tested  were  comparable  in 
many  respects.  Rackspace  Managed  Private 
Cloud  scored  points  for  cost  transparency,  a 
solid  administrative  portal  and  good  overall 
performance.  Rackspace  was  the  slowest  in 
many  portions  of  the  tasks  we  needed  them  to 
complete,  although,  to  be  fair,  we  were  mak¬ 
ing  requests  that  were  outside  of  their  tradi¬ 
tional  sales  channels.  Terremark  Enterprise 
Cloud  delivered  speed  and  the  best  adminis¬ 
trative  portal,  and  also  offered  the  lowest  cost. 
The  BlueLock  Virtual  Cloud  offered  strong 
processes  and  good  administrative  support, 
but  was  the  most  expensive. 

Over  the  course  of  conducting  this  test,  we 
learned  several  things.  First,  a  customer  can 
expect  to  have  an  enterprise  cloud  deployed 
and  up  and  running  within  a  week  after  the 
selection  process  is  complete.  Second,  all 
the  vendors  delivered  strong  security  and 


comparable  performance,  albeit  with  vastly 
contrasting  management  components. 

And,  we  found  that  enterprise  cloud  ser¬ 
vices  can  be  expensive.  We  also  discovered 
that  each  vendor  seemed  “squishy”  on  over¬ 
all  pricing.  Our  recommendation  is  to  not 
assume  that  the  enterprise  cloud  route  is 
automatically  less  expensive  than  buying 
and  provisioning  your  own  servers.  Do  a 
thorough  cost  analysis  and  make  sure  to  pin 
down  your  vendor  when  it  comes  to  specific 
items  like  bandwidth. 

Seeding  the  clouds 

We  contacted  each  vendor,  described  our 
requirements  and  waited  for  the  proposals. 

Each  vendor  has  a  different  process  to 
arrive  at  a  quote  for  the  resources  we  asked 
for,  which  amounted  to  a  small  subset  to 
the  wide  array  of  possible  offerings  in  each 
vendor’s  menu.  While  each  vendor  had  a  dif¬ 
ferent  list  of  options,  there  were  many  com¬ 
monalities.  Ordering  virtual  private  cloud 
or  enterprise  cloud  services  meant  getting 
dedicated  machines  with  gear  we  wanted 
and  a  connectivity  method  that  would  link 
our  network  operations  center  at  n|Frame 
in  Indianapolis  to  the  vendor’s  resources 
through  VPN  connectivity,  which  should  be 
used  as  a  demarcation  point  for  both  security 
and  cost  purposes. 

BlueLock’s  hardware  choices  were  among 
the  narrowest,  but  they  won  points  for  having 


a  thorough  and  deliberate  quotation  and 
subsequent  provisioning  process.  They  use 
forms  made  of  Excel  worksheets  to  exchange 
information,  but  the  interactivity  of  infor¬ 
mation  exchanged  was  thorough  and  well 
thought  out.  By  contrast,  Rackspace  offered 
the  most  flexibility  in  many  ways. 

Terremark’s  rapid  speed  of  delivery  (three 
days)  earned  the  product  high  marks  as  it 
delivered  quickly  and  to  spec  —  all  things  we 
like  in  a  cloud  vendor.  But  the  other  vendors 
weren’t  far  behind  —  BlueLock  delivered  in 
five  days  and  Rackspace  in  six. 

BlueLock 

BlueLock  has  an  openly  published  security 
process,  which  initially  intrigued  us,  and  we 
were  reminded  of  an  almost  military  provi¬ 
sioning  process.  We  e-mailed  the  company 
with  our  desired  configuration,  and  Blue¬ 
Lock  responded  with  a  detailed  proposal. 
BlueLock  creates  the  offering  from  a  source 
document  build  list.  Once  we  said  “go”,  Blue¬ 
Lock  created  the  entire  private  cloud,  oper¬ 
ating  systems  deployment,  initial  security, 
IP  routing  and  so  on.  We  didn’t  create  the 
virtual  machines  (VM)  and  BlueLock  provi¬ 
sioned  the  VMware  instances  ( VMware  3.5  at 
this  writing;  4.0  soon).  We  received  dedicated 
hardware  running  on  HP  blades,  which  are 
their  only  hardware  platform. 

For  connectivity  via  VPN  and  firewalling, 
BlueLock  provided  a  Checkpoint  SSL  VPN 
whose  administrative  interface  doesn’t  work 
with  very  many  browser  platforms;  we  tried 
various  setups  but  only  were  able  to  get  it  to 
work  in  Windows  XP  and  Internet  Explorer 
(and  Firefox  3.5  with  Java  installed).  Windows 
7  with  IE8  or  Firefox,  Mac  OS  X  10.5/10.6.X 
with  Safari,  Firefox,  did  not  work  at  all.  Once 
inside  Checkpoint,  it  works  well  and  it’s  an 
enterprise-class  workhorse  firewall  and 
VPN.  BlueLock  was  also  able  to  pass  our  not- 
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Product 

Terremark 

Rackspace 

BlueLock 

Web  site 

Terremark.com 

Rackspace.com 

BlueLock.com 

Pros 

Fast  to  deploy;  best 
administration 
portal;  lowest  cost. 

Flexible  hardware, 
good  administration 
portal. 

Thorough 
transactional, 
provisioning 
process;  flexible 
configurations. 

Cons 

Most  services 
are  optional. 

Took  the  longest 
to  set  up. 

Limited  hardware 
selection. 

Score 

4.1 

3.9 

3.8 
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Powerful. 
Intelligent. 


ALTERNATIVE  THINKING  ABOUT  SERVERS: 


ext  generation  HP  ProLiant  servers 
11:1  consolidation  and  rapid  ROI 


•  Achieve  95%  reduction  in  energy  and  cooling  costs 

•  Realize  savings  of  up  to  90%  in  software  license  fees 

•  Reduce  the  number  of  servers  to  manage  by  90% 


Technology  for  better  business  outcomes. 


mm 


Up  to  two  Intel®  Xeon®  Processor  5500  Series 
144  GB  maximum  memory  footprint 
Now  supports  up  to  8  small  form  factor  high-performance  SAS 
hard  drives  or  up  to  6  large  form  factor  SATA  hard  drives 
HP  Insight  Control  cuts  management  costs  by  up  to  $48K  per 
100  users  over  3  years*  with  integrated  management  suite 


Smart 


See  how  HP  innovation  is  delivering  radical  ROI  for  companies 
like  yours  at  hp.com/go/servers/roi7  or  call  1-866-545-0294. 
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Product 

Terremark 

Rackspace 

BlueLock 

Management/ 

4.25 

4 

3 

Administration 

Processes 

4 

3.75 

4.25 

Provisioning 

4 

4 

4.25 

Costs/Value 

4 

4 

3.75 

Total 

4.1 

3.9 

3.8 

SCORING  KEY:  5:  EXCEPTIONAL:  4:  VERY  GOOD;  3:  AVERAGE; 
2:  BELOW  AVERAGE;  1:  SUBPAR  OR  NOT  AVAILABLE 


a-Cisco  VPN  test,  by  connecting  to  our  Vyatta 
router/VPN  appliance  quickly. 

The  management  interface  to  our  10  oper¬ 
ating  systems  instances  could  have  been 
better.  There  is  no  Web  interface  for  access¬ 
ing  VMs  (you  can  only  connect  to  instances 
directly  after  connected  through  the  SSL 
VPN  or  through  IPSec  site-to-site  VPN;  we 
tried  both).  Cloud  administration  was  stiff. 
BlueLocks’s  own  Vital  Signs  portal  is  a  Web- 
based  shell  program  that  in  turn  calls  other 
administrative  applications.  Vital  Signs  dis¬ 
plays  choices  including  a  Vital  Signs  Diagram 
(which  wasn’t  useful,  as  it  shows  a  user  count, 
and  our  agreement  did  not  concern  users,  so 
it  displayed  “one  user”),  and  Event  Monitor¬ 
ing  Portal  (the  FOSS  tool,  Nagios),  a  Trend 
Portal  (the  FOSS  tool  Cacti),  a  non-working 
Reports  screen,  a  Ticket  and  Support  Sys¬ 
tem  (trouble  ticket  submission  and  process 
control),  a  portal  user  account  maintenance 
facility,  and  FAQs. 

Nagios  is  an  open  source  network  monitor¬ 
ing  tool  that  we  used  to  monitor  network  ser¬ 
vices  such  as  http  or  mysql  servers,  along  with 
whether  the  host  is  alive  (ping  test).  We  could 
also  set  alarms  or  notifications  if  a  Nagio-tested 
service  failed.  The  Cacti  trend  portal  showed 
us  VM  and  firewall  information.  Cacti  does  a 
great  job  of  showing  time  series  sample  graphs 
of  CPU  usage,  network  activity,  memory  usage 
and  disk  usage.  We  found  BlueLock’s  Vital 
Signs  Ticket  and  Support  System  to  be  frus¬ 
trating,  as  it  gave  us  only  summarized  infor¬ 
mation  and  no  transaction  or  billing  history. 
The  Vital  Signs  portal  isn’t  well  connected,  in 
terms  of  applications  integration,  as  pieces 
can’t  be  related  together  as  objects  in  easy 
ways.  While  most  of  the  discrete  applications 
are  useful,  they’re  very  disjointed. 

We  logged  on  to  check  BlueLock’s  admin¬ 
istrative  interface,  then  dove  into  forming 
our  test  suite,  which  consisted  of  installing 
LAMP/WAMP  onto  each  operating  system 
instance  that  had  been  created.  We  checked 
BlueLock’s  performance  with  an  Apache 
benchmark.  It  turned  out  that  all  of  the  ven¬ 
dors  performed  within  a  narrow  window. 

We  tested  storage  expansion,  which  was 
simply  a  matter  of  submitting  a  new  support 
ticket.  And  BlueLock  configured  the  IPSec 
tunnel  correctly  —  except  for  our  public  IP, 
none  of  the  resources  could  be  seen,  and  the 
Checkpoint  firewall  and  tunnel  manager  kept 
it  that  way. 

BlueLock  had  a  very  fast  connection  to  our 
network  operations  center  (NOC)  —  uploads 
at  7.26Mbps  and  downloads  at  8.8Mbps.  But 
it’s  also  located  only  a  few  miles  away  from 
our  n|Frame  NOC  resources  (our  subscribed 
bandwidth  was  1Mbps  burstable  to  10Mbps). 


Overall,  BlueLock’s  negotiation  process 
is  good,  and  its  security  components  were 
well  managed.  The  BlueLock  administrative 
method  had  applications  that  feel  like  sepa¬ 
rate  products.  Nothing  is  really  connected 
together,  most  portals  launch  in  another 
browser  window,  some  even  require  a  sepa¬ 
rate  login/password  combo.  Administration 
is  unnecessarily  confusing  using  these  tools. 
And  since  BlueLock  controls  changes  to  the 
operating  systems  deployed,  the  time  between 
ticket  submission  and  a  change  could  be  con¬ 
siderable.  We  wanted  to  occasionally  use  our 
root  account  just  to  get  things  done. 

Terremark 

Terremark’s  negotiation  process  is  less  for¬ 
mal  than  BlueLock’s,  although  all  of  our 
private  cloud  metrics  were  met  fully  by  Ter¬ 
remark.  Terremark’s  hardware  offerings  are 
just  slightly  more  expansive  than  those  from 
BlueLock,  as  Terremark  uses  HP  580  and  585 
servers.  Terremark  also  offered  us  a  variety 
of  bundles  that  were  predefined  hardware/ 
software  asset  combinations. 

The  build-time  was  shorter  —  they  were 
the  first  online  and  were  ready-to-go  quickly, 
although  part  of  the  speed  came  from  the  fact 
that  Terremark  didn’t  provision  our  instances 
of  Red  Hat,  and  only  offered  Windows  2008 
(not  R2)  server  instances,  with  no  mainte¬ 
nance,  although  it  can  be  procured. 

We  told  them  the  specs,  they  replied  with 
a  few  questions,  and  in  a  couple  of  days,  the 
components  were  built  and  we  connected  our 
NOC  and  the  Terremark  NOC.  Terremark 
used  VMs,  like  BlueLock,  as  the  substrate  for 
our  requested  network,  and  the  connections 
to  our  Vyatta  router/VPN  appliance  inte¬ 
grated  quickly  with  their  Cisco  components. 

Administrative  interface 

In  the  interest  of  time,  Terremark  had  us 


provision  our  own  VMs,  which  was  a  simple 
task.  We  were  allocated  the  desired  number 
of  CPUs,  RAM,  disk  and  network  for  us  to 
divide  into  the  “shape”  of  the  cloud  we  wanted. 
The  Terremark-developed  DigitalOps  admin¬ 
istrative  app  interface  was  used  to  deploy  our 
Windows  and  Linux  instances  from  one-click 
templates.  Terremark  supplied  the  Windows 
licenses  (ostensibly  from  a  volume  license) 
and  supplied  Red  Hat  operating  systems  — 
but  we  registered  licenses  supplied  to  us  by 
Red  Hat.  Rollout,  therefore,  was  drama-free 
and  just  10  clicks  for  10  instances.  Terremark 
can  optionally  install  everything  for  you  at 
additional  cost.  We  had  the  option  of  rolling 
out  other  types  of  server  licenses  operating 
systems  from  ISO  images  as  well. 

DigitalOps  has  a  user  interface  that’s  sepa¬ 
rated  into  two  main  tabs,  Environment  and 
My  Account.  Under  Environment  there  are 
three  tabs:  Resources,  Devices  and  Network. 
The  Resources  tab  displays  information 
about  processor,  memory  and  storage  usage. 
The  main  Resources  page  has  a  summary  of 
each  for  the  past  24  hours  and  is  very  easy 
to  understand.  We  could  get  more  detailed 
information  by  using  the  sub-tabs  about  each 
individual  component  (processor,  memory, 
storage)  if  desired.  The  Devices  tab  lists  all  the 
VMs  that  we  created,  which  can  be  sorted  into 
groups  and  rows.  We  could  create  VMs  from 
prebuilt  templates  or  create  a  blank  server 
using  our  own  ISO,  as  mentioned. 

We  could  use  a  VPN  Connect  button  that 
allowed  us  to  link  to  an  SSL  VPN  (which  is 
required  to  actually  connect  to  the  consoles 
of  the  VMs  created).  The  final  tab  in  the  Envi¬ 
ronment  section  is  network.  Here  we  could 
view  the  IP  networks  assigned  to  us,  internal, 
external  and  public  IP  addresses.  We  could 
also  set  up  firewall  and  port-forwarding  rules, 
although  they  are  very  basic  and  we  couldn’t 
customize  it  very  much. 
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Enterprise  cloud  pricing:  Your  mileage  may  vary 

Doing  a  cost  comparison  between  various  cloud  service  vendors  is  tricky,  since  each  vendor  offers  a  parade  of  options  and 
pricing  schemes.  However,  we  tried  to  do  an  apples-to-apples  comparison  of  the  three  services  we  tested.  We  also  tried  to 
estimate  what  it  would  cost  to  deploy  the  same  resources  inside  the  data  center.  Of  course,  the  do-it-yourself  option  doesn’t 
take  into  account  some  of  the  reasons  that  companies  move  to  cloud  computing,  such  as  speed  and  flexibility.  Plus  the  DIY 
numbers  don’t  include  staffing  facilities  costs. 


BlueLock 

Terremark 

Rackspace 

DIY 

Initial  setup/ 

Installation  costs 

$21,437.86 

$0.00 

$0.00 

$34,080  Three  Dell 
PowerEdge  R710 
servers,  plus  VMware 
vSphere  4.0. 

Resources 

(20  cores,  40GB  RAM) 

$5,196 

$7,000 

$5,531.40 
(3  R710s,  DualProc, 

36GB  Ram, 
z2xl46GB  HD) 

$4,860,  monthly  costs 
for  9U  in  NOC  xl2 

Storage  (monthly) 

$700 

200GB  SAN+backup 

$370 

500GB 

$1,512 

750  GB  FC  SAN 

$0.00 

Bandwidth  (monthly) 

$250 

1Mbps  (burst  to  10) 
(possible  bandwidth 
overage  charges) 

$125 

5Mbps 

$0.00 

2TB  per  server  of 
data  transferred 
(included  above) 

$3,000,  monthly 
bandwidth  costs  xl2 

VPN  setup  fee 
(site-to-site) 

$600 

$0.00 

$0.00 

$0.00 

VPN  connectivity 
(monthly) 

$0.00 

Uses  above  bandwidth 

$200.00 

1Mbps 

$100 

$0.00 

RedHat  5  licenses 

64bit 

$1,625 

Includes  40GB  OS  drive 

$0.00 

Must  provide 
own  license 

$1,117.20 

$1,995.00 

5  Red  Hat  Enterprise 

Linux  5.3  licenses  with 
one  year  support 

Microsoft  Windows 
Server  2008  5 
licenses  (64bit) 

$1,645 

Includes  40GB  OS  drive 

$165 

Without  Active  Directory 

$1,209.60 

$8,970 

Windows  Server  5 
licenses  with  1  year 
support  and  150 
client  licenses 

Firewall/router 

(monthly) 

$792.50 

Checkpoint  firewall 

$0.00 

Included  in  resources 

$343.56 

$3,297.00 

Vyatta  2501  router,  Dell 
PowerConnect  2824 
switch  (24xlGbE  )ports 

Support 

$510.43 

24x7 

$0.00 

24x7  but  no  OS/ 
app  support 

$0.00 

24x7 

$0.00 

Total  cost  for  1st  month 

$32,756.79 

$7,860.00 

$9,813.76 

Estimated  cost  for 
next  11  months 

$117,908.23 

$86,460.00 

$107,951.36 

Estimated  cost 
for  1st  year 

$150,665.02 

$94,320.00 

$117,765.12 

$56,202.00 

NOTE:  TOTAL  COST  FOR  FIRST  MONTH  INCLUDES  INITIAL  SETUP  AND  VPN  SETUP  FEES,  PLUS  ONE  MONTH'S  USAGE. 
THE  ESTIMATED  COST  FOR  NEXT  11  MONTHS  IS  BASED  ON  FIRST  MONTH'S  USAGE  FEE  MULTIPLIED  BY  11. 


Site-to-site  VPNs  were  a  separate  package 
deal,  but  possible  to  do  using  the  IPSec  pro¬ 
tocol.  Terremark  only  supports  certain  hard¬ 
ware  or  software  VPNs,  but  they  will  do  a 
“best  effort”  to  try  to  get  things  working,  if  you 
have  something  different.  We  had  something 


different,  the  aforementioned  Vyatta  appli¬ 
ance  and  we  got  the  VPN  working  with  mini¬ 
mal  trouble.  Once  everything  was  set  up,  we 
ran  some  brief  upload  tests  between  our  N  OC 
and  their  servers.  During  an  ISO  transfer 
using  scp,  we  maxed  out  around  120KBps 


(average).  Normal  FTP  was  about  the  same 
around  125KBps.  The  connection  was  lim¬ 
ited  to  1Mbit  (not  burstable),  which  is  about 
128KB,  so  it  was  pretty  much  maxing  out  the 
connection. 

Terremark  supplied  an  older  VMware 
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console  plugin  (which  oddly  doesn’t  work  in 
Windows  7  under  IE  8  or  Firefox  3.6  but  did 
work  in  Firefox  3.5.7)  but  none  of  the  other 
competitors  offered  any  option  to  connect  to 
the  VMs  via  their  respective  Web  interfaces 
—  and  Terremark  did.  This  wasn’t  as  much  of 
an  issue  with  the  Windows  VMs  (meaning 
console  VM  access)  as  the  Windows  Server 
virtual  machines  had  Remote  Desktop  turned 
on  to  give  us  access.  We  had  a  few  small  quib¬ 
bles  with  the  templates  used  to  generate  the 
RHEL  virtual  machines,  as  the  template  did 
not  create  a  user  besides  root  (therefore,  we 
couldn’t  SSH  in,  as  root  SSH  is  disabled  by 
default). 

The  Terremark  committed  bandwidth  pric¬ 
ing  is  complicated  and  is  based  on  a  “95th  per¬ 
centile”  scheme,  where  they  take  the  top  5% 
of  your  traffic  for  the  month,  drop  that  from 
calculations  and  use  the  final  95%  of  the  band¬ 
width  you  used  to  figure  out  a  price.  You  must 
purchase  a  Committed  Bandwidth  package. 
Ours  was  the  5Mbit  package,  which  is  $25  per 
Mbit,  so  $125  in  total. 

If  you  stay  within  the  committed  5Mbit,  you 
will  only  pay  $125  a  month.  The  extra  charge 
comes  in  when  you  use  more  than  your  allo¬ 
cated  bandwidth.  Say  you  go  over  by  1Mbit 
for  a  total  of  6Mbit,  then  you  will  have  to  pay 
2x  the  Mbit  fee  (so  $25  per  Mbit  would  be  $50 
per  Mbit  for  overage).  Our  total  for  the  month 
would  then  be  $175.  Fortunately,  Terremark 
allowed  us  to  cap  the  bandwidth  at  5Mbps 
for  the  VPN  connection,  which  is  all  we  used. 
According  to  the  billing  invoice  our  Commit¬ 
ted  Bandwidth  was  in  the  5M  to  50Mbps  Tier 
but  that  does  not  apply  to  the  VPN.  The  VPN 
bandwidth  is  a  flat-rate  per  month  based  on 
connection  speed  and  is  not  included  in  regu¬ 
lar  bandwidth  calculations.  They  have  the 
following  tiers:  1Mbit  =  $200;  3Mbit  =  $550; 
6Mbit  =  $1085;  10Mbit  =  $1285. 

Overall,  we  liked  Terremark’s  management 
app,  and  its  speed  to  delivery.  Provisioning 
was  simple  —  even  though  we  did  all  of  the 
VMs  from  the  pool  allocation  allotted  to  us, 
and  integration  with  our  non-standard  router 
was  painless.  We  don’t  mind  pain  for  gain,  but 
it  wasn’t  necessary  with  Terremark. 

Rackspace 

We  were  a  little  frustrated  by  Rackspace.  Rack- 
space’s  process  was  slow,  and  may  be  faster 
for  others  as  our  negotiation  and  installation 
were  done  somewhat  outside  of  their  normal 
sales  processes.  The  upside  is  that  Rack- 
space’s  costs  were  more  transparent  and  once 
rolling,  its  performance  was  very  good.  Rack- 
space  provisioned  us  on  Dell  hardware,  but 
emphasizes  that  most  other  top  tier  brands/ 
models  are  available.  We  got  the  feeling  that 


they’re  used  to  dealing  on  longer  negotiation 
cycles  with  more  diverse  hardware  needs,  and 
deployment  cycles  associated  with  very  large 
organizations. 

Once  the  hardware  and  VMs  had  been  pro¬ 
visioned,  our  site-to-site  VPN  took  a  while 
to  integrate  as  well  —  and  much  longer  than 
the  competition  in  our  not-using-Cisco  test. 
Once  the  VPN  worked,  it  was  smooth  sailing, 
although  IIS  was  installed  on  every  Windows 
Server  2008  machine  (we  used  Apache  for 
testing),  so  we  had  to  uninstall  everything 
(IIS  stuff)  first.  Some  of  these  seeming  discon¬ 
nects  could  have  been  the  result  of  our  abnor¬ 
mal  provisioning.  The  Red  Hat  Enterprise 
Linux  VMs  were  correctly  set  up.  As  with 
BlueLock,  Rackspace’s  virtual  private  cloud 
was  fully  provisioned  on  top  of  VMware  ESX 
3.5  by  Rackspace  so  we  didn’t  have  to  create 
the  machines  ourselves.  There  is  a  spot  in  the 
administrative  Web  interface  to  create  new 
VMs  (through  a  request),  but  this  is  limited  to 
Windows  Server  2003  and  RedHat  RHEL  3, 4 
and  5.  It’s  possible  to  have  what  you  like  (such 
as  VMs),  but  you  must  submit  a  ticket  for  that 
with  incumbent  additional  cost. 

We  liked  the  Rackspace  administrative 
portal,  which  had  six  main  divisions:  Support, 
Products,  Services,  Network,  Account  (man¬ 
agement)  and  Community.  It’s  integrated, 
like  Terremark’s,  and  offers  a  tabular  method 
of  drilling  down  to  support  tickets,  viewing 
each  server  resource  utilization,  viewing 
time  series  of  performance  characteristics, 
and  administering  our  account.  We  found 
the  Community  tab  interesting,  as  it  took  us 
to  a  private  user  forum.  The  forum  is  designed 
not  be  used  for  trouble  tickets,  but  rather  for 
communication  among  Rackspace  clients  for 
items  such  as  application  integration,  perfor¬ 
mance  tweaks  and  so  on.  This  type  of  com¬ 
munity-based  communications  was  missing 
in  BlueLock’s  and  Terremark’s  offerings.  It’s 
like  an  internal  user  group. 

Rackspace’s  communications  with  our 
n|Frame  NOC  was  very  fast,  despite  the 
long  distance  (Indianapolis  to  Austin)  and 
we  were  happily  surprised  at  the  speed.  Our 
ability  to  control  VMs  was  also  good,  and  we 
could  manipulate  our  VMs  readily  although 
we  couldn’t  actually  connect  to  the  console  of 
the  VM  from  an  external  (to  the  VPN)  connec¬ 
tion.  It’s  also  possible  to  review  antivirus  and 
URL  monitors,  but  we  didn’t  ‘purchase’  these. 


©  Read  how  we  conducted  our 
test  of  the  enterprise  cloud  comput¬ 
ing  services,  tinyurl.com/yg9phf8 


Interestingly,  we  could  use  the  portal  to  buy 
SSL  certificates  (five  types  from  VeriSign  or 
two  types  from  Thwate)  —  very  convenient. 

We  provisioned  the  RackspaceVMs  for 
testing  with  our  benchmark  and  connectiv¬ 
ity  tests.  There  were  no  mysteries,  and  Rack¬ 
space’s  Dell  hardware  performed  well.  We  had 
no  difficulties  administering  changes  with 
Rackspace  although  gaps  in  their  response 
were  as  mentioned,  likely  to  have  been  the 
product  of  not  being  an  actual  customer. 

We  liked  Rackspace  and  were  it  not  for  its 
slowness,  we’d  have  liked  the  product  much 
better,  even  though  we  know  we  were  excep¬ 
tions  to  their  normal  sales/fulfillment  process. 
Rackspace’s  portal  is  useful,  although  with 
fewer  choices  than  Terremark’s  and  with  a 
bit  less  functionality.  As  we  seemed  to  have 
hurried  them,  we  didn’t  get  the  full  customer 
experience  we  were  hoping  for.  Nonetheless, 
they  were  in  the  mid-range  of  pricing,  and  per¬ 
formed  very  well. 

Costs 

We  asked  each  competitor  to  keep  track  of 
costs  for  us.  Each  competitor  was  a  bit  cagey 
and  all  wanted  to  emphasize  that  costs  are 
variable  and  tiered.  They  did,  however,  even¬ 
tually  get  us  pricing  that  reflected  our  utiliza¬ 
tion  figures  after  we  tested  each  private  cloud 
with  a  performance  analyzer  to  gauge  CPU, 
bandwidth,  VPN,  storage  and  other  costs. 

We  also  attempted  to  compare  the  three 
service  providers  with  a  do-it-yourself  option 
—  in  other  words,  buying  hardware  and  soft¬ 
ware  and  deploying  the  apps  on  your  own. 
With  the  comparison  lies  strong  caveats.  If 
one  uses  a  DI  Y-type  solution,  there  are  hidden 
expenses  involved  that  we  didn’t  include  in 
our  estimate.  These  include  support  staffing, 
and  leasehold  costs,  although  we  did  include 
a  collocation  cost  for  power  and  space,  at  $45 
per  rack  one  unit  per  month  pro-rated  over 
the  cost  of  the  Dell  hardware  we  chose  in  our 
DIY  cost  simulation.  We  also  didn’t  include 
applications  or  application  support,  although 
these  aren’t  covered  by  our  competitors,  either. 
Nor  is  the  cost  of  negotiations,  procurement, 
shipping  or  building  the  hardware  compo¬ 
nents  included. 

Our  final  caveat  is  that  pricing  appears  to  be 
a  moving  target,  and  a  heavily  guarded  sales 
secret.  And  for  those  using  virtual  private 
clouds  for  availability,  N+l  or  2N  availability 
requires  off-premises  extensions  of  equip¬ 
ment,  making  DIY  impractical.  ■ 

Henderson  is  principal  researcher  and 
Dvorak  is  a  researcher  for  ExtremeLabs 
in  Indianapolis.  They  can  be  reached  at 
thenderson@extremelabs.com. 
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Data  Cabling  Made  Easy 


HiPerLink 

- Copper - 


com/hiDeriif 


©  Copynghl  2010,  ICC. 


Upon  approval  of  specs  and  terms 


Data  Center  cabling  doesn't  have  to  be  messy. 

Try  ICC's  pre -terminated  solutions. 

•  Factory  assembled  in  Southern  California,  turn-around  %  weeks  or  less* 

•  Factory  tested,  performance  results  included 

•  CAT  6  up  to  dB  NEXT  headroom 

•  Install  right  out  of  the  box,  modular  for  easy  MACs  later 
.  15  Year  Link  Performance  Warranty 

Cost  40%  less  than  most  name  brands,  even  less  than  on-site  cabling 
E-mail  us  or  give  us  a  call,  you  will  be  surprised  how  easy  it  is. 
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17-OutletPowei^trip 

®®®®w7LCD]Display 


$149 


SHOWS:  Volts,  Amps,  Watt,  VA, 
Frequency,  Power  Factor  &  KWH 


Network  Management  System 
RemoteiOutletiControl 


Server  Room 
Climate  &  Power 
Monitoring 


MicroGoose 

Climate  Monitor 


Built-in  Web  Interface  1 
Temperature  &  Humidity 
Power  over  Ethernet  Enabled 
E-mail  Alarms  &  Escalations 
SNMP,  XML,  HTTP,  HTTPS 
Optional  IP  Web  Cams 


MicroGoose 

$199 


Receive  our  FREE  BOOK 
by  emailing  us  at 
NW@ITWatchDogs.com 
with  your  mailing  address 
or  call  us  at  512-257-1462 


Instantly  Search  Terabytes  of  Text 

♦  25+  full-text  and  fielded  data  search  options 

♦  Built-in  file  parsers  and  converters  highlight  hits  in  popular  file  types 

♦  Spider  supports  static  and  dynamic  web  data;  highlights  hits  with 
links,  formatting  and  images  intact 

♦  API  supports  C++,  .NET,  Java,  SQL,  etc.  .NET  Spider  API. 

Includes  64-bit  (Win/Linux) 

♦  Fully-functional  evaluations  available 


Content  extraction  only  licenses  also  available 

"Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a  second"  —  InfoWorld 

dtSearch  "covers  all  data  sources  ...  powerful  Web-based  engines" 

—  eWEEK 

"Lightning  fast ...  performance  was  unmatched  by  any  other  product" 

—  Redmond  Magazine 

For  hundreds  more  reviews,  and  hundreds  of  developer 
case  studies,  see  www.dtSearch.com 

1-800-IT-FINDS  •  www.dtSearch.com 

The  Smart  Choice  for  Text  Retrieval®  since  1991 
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I  surf  x-rated  sites 
from  behind 
my  cubicle  walls 


I  pass 

company  secrets 
via  the  web 


I  shop  online 
all  afternoon 
from  work 
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Monitor  Employee  PC  &  Internet  Activity 

Spector  360  is  the  world's  first  monitoring  solution  that  makes  it 
easy  to  detect  inappropriate  employee  behavior.  At  the  touch  of  a 
button,  you  will  see  ALL  PC  &  Internet  activity  for  your  entire 
company  and  find  out  which  employees  are  working,  playing, 
doing  their  job  efficiently  or  putting  your  business  at  risk  by 
engaging  in  illicit  or  illegal  behavior. 

Spector  360  Records  ALL  Your  Employees' 


Emails  (Sent  and  Received) 

Chats  &  Instant  Messages 
Keystrokes  Typed 
Web  Sites  Visited 


Files  Saved  to  Removable  Media 
Google  &  Other  Online  Searches 
Network  Traffic 

and  much  more... 


Users  Spending  the  Most  Time  Surfing  Web  Sites 


Tom 

Pat 

Sarah 

Brian 

James 

Nancy 

Randy 

Victor 

Carol 


0  1  2  3  4  5  6 

Active  Time  (HOURS) 

Q.  Criteria  0  Settings  P  Events  i  Cb  Reports  J  » 


CHART  DATA 


Plus,  Spector  360  includes  a  powerful  screen  snapshot  recorder  that 
shows  you  in  exact  visual  detail  what  an  employee  does  every  step 
of  the  way. ..  think  of  it  as  a  surveillance  camera  for  your  office  PCs. 

Expect  to  See  Immediate  Results 

See  results  within  24  hours  of  installing  Spector  360. . . 
we  guarantee  it!  Don't  just  take  our  word  for  it. 

Try  Spector  360  for  yourself  by  calling  1 .877.288.5699 
and  requesting  a  FREE  test  drive. 


More  than  50  built-in  charts  and  reports  allow  you 
to  quickly  and  easily  identify  your  top  achievers, 
productivity  wasters,  and  anyone  engaging  in 
inappropriate  or  potentially  damaging  conduct. 


NETWORK 

PRODUCTS  GUIDE 


2010  Product  Innovation  Award 


Spector  360  Awarded  Best  "Information 
Monitoring  and  Filtering  Solution" 


For  more  information,  visit: 

WatchWith360.com 

or  call  us  anytime 

1.877.288.5699 
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WHEN  LIAISE  IS  ON  ITr  YOU  CAN  BE,  TOO. 


Liaise  captures,  prioritizes  and  organizes  every  detail,  action  item,  and  due  date,  automatically,  while  you 
use  your  email.  So  you  don 't  have  to  do  anything  special  to  get  the  organization  and  peace  of  mind  it  provides. 

While  you  type,  Liaise  scans  your  email  messages  for  tasks  and  due  dates,  and  assigns  priority  levels 
,y  can  you  send  me  the  ^sed  budget  before  the  end  of  next  week?  before  organizing  everything  into  an  easy-to-use  sidebar  for  on- 

demand  reports  and  syncing  with  your  Outlook  calendar. 

Liaise  runs  in  the  background  to  identify  what's  important,  and  even  updates  your  team  members  with  the 
same  information — even  if  they’re  mobile — so  there’s  no  mistaking  who’s  got  what  due  when. 

Right  now,  you  can  try  Liaise,  free.  Just  visit  www.liaise.com/on  to  see  a  quick  demo,  and  download  it. 

Hey  you’ve  got  plenty  to  keep  track  of.  But  if  Liaise  is  on  it,  you  can  be,  too. 


FQ  DOWNLOAD  LIAISE  FOR  FREE,  JUST  VISIT  WWW.LIAISE.COM/ON. 


Liaise 
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Many  ethical  answers 


IN  A  Backspin  column  a  couple  of  weeks  ago 
I  posed  questions  about  ethical  behavior  in 
an  IT  setting  and,  much  to  my  pleasure,  a  lot 
of  people  commented  on  the  article. 

Some  of  the  online  feedback  raises  an  interesting  issue  concerning 
people  who  respond  anonymously  and  occasionally  somewhat  rudely. 
I  consider  it  to  be  unethical  not  to  publicly  stand  by  the  opinions  you 
express  in  public,  particularly  when  you  are  snarky. 

Such  a  response  came  from  two  Anons  who  whined  about  the 
thumbnail  definition  I  gave  for  ethics  and,  in  so  doing,  ignored  the  fact 
that  I  was  discussing  the  narrower  topic  of  business  ethics.  That  said, 
the  rest  of  you  were  extraordinarily  thoughtful  in  your  responses. 

I  don’t  have  room  to  slice  and  dice  all  of  the  feedback  but  a  couple  of 
interesting  trends  appeared  that  are  worth  noting. 

The  first  is  that  most  of  you  aren’t  tolerant  of  any  kind  of  cheating 
and,  it  appears,  would  be  willing  to  speak  out  despite  a  risk  to  your  own 
careers.  The  second  trend  is  that  you  are  loyal  to  your  organizations. 

What  I  find  interesting  is  that  you  all  seem  to  recognize  that  you  are, 
in  the  eyes  of  your  organizations,  dispensable,  but  despite  that  you 
would  go  out  of  your  way  to  “do  the  right  thing”  for  the  company.  It 
appears  that  you  are,  in  general,  ideal  employees. 

This  raises  a  question:  Why,  when  you  recognize  that  your  organiza¬ 
tion  is  only  as  committed  to  you  as  it  has  to  be,  are  you  more  committed 
in  return?  I  think  the  great  example  of  this  is  how  many  organizations 
ask  you  to  give  110%  yet  when  the  going  gets  tough,  don’t  reciprocate. 

Finally,  the  bonus  question  asked  which  of  three  applicants  you 
would  hire  given  a  background  check  revealed  two  as  womanizing, 


heavy  drinking,  party  boys  while  the  third  hardly  drinks,  is  a  war  hero 
and  a  vegetarian. 

Online,  reader  “GooRu”  said  he’d  never  trust  a  vegetarian,  while 
reader  “YesIAmAnon”  declared  he  would  choose  the  third  candidate: 
“Probably  a  lower  risk  to  the  organization,  and  some  evidence  [that  he 
is]  a  more  ethical  person”. 

Reader  Lon  Feuerhelm  contended  that  “Nothing  in  the  final  can¬ 
didate  would  eliminate  him,  so  if  he  were  qualified  as  a  manager,  he 
might  get  the  nod.  However,  personally  I  would  not  hire  any  of  them 
and  re-advertise  the  position.”  And  reader  Ken  Diliberto  asked,  “Are 
you  kidding?  A  vegetarian?  Really?  OMG!  How  could  you  suggest  such 
a  candidate??  Is  living  in  the  Peoples  Republik  of  Kalifornia  starting  to 
get  to  you?  Are  you  in  need  of  supplemental  oxygen?”  Diliberto  added 
“As  long  as  they  didn’t  rule  with  an  iron  fist,  there’s  a  possibility  you 
could  teach  the  third  candidate  to  like  a  good  steak.” 

Longtime  reader  and  frequent  responder,  Tom  Franciosi,  claimed 
he  “would  party  with  the  first  two  and  hire  the  last  one.  Reasons:  1)  I 
work  well  with  anyone  who  has  served  in  the  armed  forces,  2)  healthy 
life  style  means  they  would  likely  outlive  the  others  and  contribute 
more  to  the  company,  and  3)  healthier  life  style  would  help  contain  my 
company’s  rising  healthcare  expenses.” 

You  may  not  be  surprised  to  learn  that  the  bonus  question  was  a 
trick.  The  three  profiles  were,  in  order,  Winston  Churchill,  Franklin 
Roosevelt  and  Adolf  Hitler.  ■ 

Gibbs  is  not  a  model  employee  in  Ventura,  Calif.  Your  resumes  to 
backspin@gibbs.com. 
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No  one  can  duck  Heartland  fallout  until  it  ends 


LAST  WEEK'S  report  of  JC  Penney  trying 
to  keep  its  name  out  of  the  Heartland  credit 
card  debacle  didn’t  get  anywhere  near  the 
attention  heaped  upon  hacker  mastermind  Albert  Gonzalez  netting 
himself  a  20-year  prison  sentence  in  the  case,  so  it’s  definitely  worth 
a  mention  here. 

According  to  an  IDG  News  Service  report,  JC  Penney  attorneys 
argued  in  December  of  last  year  that,  absent  evidence  of  resultant 
identity  theft,  disclosing  the  retail  chain’s  role  as  a  victim  in  the  Heart¬ 
land  case  “may  discourage  other  victims  of  cybercrimes  to  report  the 
cri  minal  activity  or  cooperate  with  enforcement  officials  for  fear  of  the 
retribution  and  reputational  damage  that  may  arise  from  a  policy  of 
disclosure  as  espoused  by  the  government  in  this  case.” 

U.S.  prosecutors  stated  the  obvious  in  response:  “Most  people  want 
to  know  when  their  credit  or  debit  card  numbers  have  been  put  at  risk, 
not  simply  if,  and  after,  they  have  clearly  been  stolen.” 

The  scales  of  justice  eventually  tipped  in  favor  of  disclosure,  but 
only  after  a  Massachusetts  judge  undid  the  bamboozlement  that  had 
allowed  a  New  Jersey  judicial  counterpart  to  buy  intoJC  Penney’s 
sorry  song  and  dance. 

And  should  anyone  doubt  the  wisdom  of  that  corrective  decision, 
they  should  have  a  chat  with  one  of  5,000  customers  of  Colorado’s 
First  National  Bank  of  Durango,  who  had  no  idea  that  they  were  poten¬ 
tial  Heartland  victims  until  being  notified  only  March  1  of  this  year. 
Actually,  as  many  as  20  of  them  may  have  suspected  earlier  when  they 
started  noticing  fraudulent  charges  to  their  accounts. 

I  learned  of  the  Colorado  bank  victims  through  an  item  in  a 


newsletter  published  by  DataLossDB  and  asked  one  of  that  organiza¬ 
tion’s  project  managers,  Kelly  Todd,  whether  it  was  indicative  of  there 
being  yet  more  Heartland  time  bombs  ticking  out  there;  little  stashes  of 
card  numbers  just  waiting  to  be  used  by  your  more  patient  criminals. 

Todd’s  reply:  “Yes,  that’s  how  I  read  it,  too.  At  least  one  list  sub¬ 
scriber  mailed  me  off-list  to  ask  why  people  don’t  realize  that  once 
card  numbers  or  other  personal  information  has  been  compromised, 
said  information  is  compromised  forever  (or  at  least  until  the  informa¬ 
tion  changes,  which  won’t  happen  for  SSN,  DOB,  and  99.999%  of  the 
time,  a  name).  A  year  later  and  still  reporting  Heartland-related  news? 
Sure.  Card  numbers  will  be  out  there  at  least  until  they  get  cancelled  or 
expire,  and  my  new  cards  usually  have  the  same  number  as  the  old  one, 
so  if  they’re  in  the  hands  of  the  bad  guys,  I’m  probably  at  risk  without 
even  knowing  it.” 

The  bottom  line  here  is  that  corporate  executives  will  first  and  fore¬ 
most  always  be  focused  on  their  corporate  interests:  their  own  bot¬ 
tom  lines.  Of  course  they’d  rather  not  have  their  good  names  sullied 
by  association  with  an  identity-theft  case  of  this  magnitude.  And  of 
course  they’ll  trot  out  the  lawyers  to  downplay  the  exposure  to  their 
customers . . .  it’s  all  part  of  minimizing  their  own  exposure. 

As  the  U.S.  prosecutor  noted  in  opposingJC  Penney’s  responsibility 
dodge,  most  people  want  to  know  when  their  credit  or  debit  card  num¬ 
bers  have  been  put  at  risk.  You  can  be  certain  that  “most  people”  here 
includes  the  JC  Penney  lawyers  who  argued  otherwise.  ■ 

Speaking  of  personally  identifiable  information  that  never  changes, 
the  address  is  buzz@nww.com. 
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Finally,  a  consolidated  virtualized  infrastructure,  from  the  data  center  to  the  desktop,  is  within  grasp.  Well,  not  literally  of  course. 
After  all,  it's  virtualized.  Start  with  Windows  Server®  2008  R2  with  built-in  Hyper-V™and  you  can  eliminate  costly  third-party 
software  like  VMware.  Add  SQL  Server®  2008  Enterprise,  with  unlimited  virtualization,  and  you  just  made  it  easier  to  eliminate 
racks  of  underutilized  servers.  Toss  in  System  Center  and  you've  centralized  management  across  the  enterprise  all  the  way  down 
to  the  application  level.  Translation?  Flexible  and  dynamic  virtualized  infrastructures  that  help  maximize  ROI,  reduce  TCO  and 
improve  business  continuity.  Just  don't  let  the  efficiency  go  to  your  head. 

To  learn  more  about  how  server  virtualization  can  make  you  more  efficient,  go  to  itseverybodysbusiness.com/virtual 
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There’s  one  simple 
reason  we  take  only 
days  to  implement. 


With  Dell  KACE™  you  get  a  complete  systems  management  solution  in  one  appliance.  Just  plug  it 
in  and  it  works.  No  assembly  required.  Some  other  vendors?  Well,  we  all  know  there’s  a  bit  more  to 
the  process  and  the  cost.  Call  us  today  and  we’ll  prove  to  you  how  easy  it  is  to  use  Dell  KACE. 
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